Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the...

Spring Office Hours Podcast: S5E16 - May Release Train Shift & What's Coming in Spring Boot 4.1

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun break down the recently announced shift of the May release train from May 11-22 to June 1-5, and what that means for your upgrade planning across the Spring portfolio. They also dig...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41345 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41345 Source advisory: SNYK:JS-OPENCLAW-15894815...

CVE-2010-20103

The CVE-2010-20103 issue concerns ProFTPD 1.3.3c, where a backdoor was embedded in the official source tarball (distributed between 2010-11-28 and 2010-12-02). The backdoor provides a hidden FTP command trigger allowing remote, unauthenticated attackers to execute arbitrary shell commands with ro...