This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met:
rest
) module enabled.PATCH
requests.While we don’t normally provide security releases for unsupported minor releases, given the potential severity of this issue, we have also provided an 8.2.x release to ensure that sites that have not had a chance to update to 8.3.0 can update safely.