A few hours ago, a new Drupal 8 update was announced: version 8.1.7, which contains fixes for a new security vulnerability.
Upgrading existing Drupal 8 sites is highly recommended. There are no new features or fixes in this release.
The Drupal security team asks all site administrators to perform the update as soon as possible. With a rating of 20 out of 25 on the risk scale, it is very likely that potential attackers will take advantage of the vulnerability within a few hours or days of the updates being disclosed.
Description:
Drupal 8 uses the third-party PHP library Guzzle to make server-side HTTP requests. On unpatched sites, an attacker can provide a proxy server that Guzzle will then use. Details of this are explained at https://httpoxy.org/
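
The mechanism referenced above, as an added example (not Drupal's or Guzzle's code): a Python model of how a CGI-style gateway turns request headers into `HTTP_*` variables, with two mitigations beside the unpatched behaviour. The function names, the `sapi` parameter and the sample headers are assumptions made for this illustration.

```python
# Added illustration: a model of the CGI mapping, not Drupal or Guzzle source.

# Constructed sample request headers; the proxy host is a placeholder.
SAMPLE_HEADERS = {
    "Host": "site.example",
    "Proxy": "http://proxy.example.invalid:8080",
}


def cgi_environ(server_env, request_headers):
    """Build the environment a CGI-style gateway passes to the application.

    RFC 3875 exposes each request header "Name" as the variable "HTTP_NAME",
    so a "Proxy" header lands on HTTP_PROXY, a name many HTTP clients read
    as outbound proxy configuration.
    """
    env = dict(server_env)
    for name, value in request_headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxy_trusting_env(env):
    """Hypothetical client behaviour before the fix: trust HTTP_PROXY always."""
    return env.get("HTTP_PROXY")


def proxy_cli_only(env, sapi):
    """Hypothetical hardened behaviour: honour HTTP_PROXY only under the CLI,
    where the variable cannot have come from a request header."""
    return env.get("HTTP_PROXY") if sapi == "cli" else None


def strip_proxy_header(request_headers):
    """Edge mitigation: drop any "Proxy" header (case-insensitive) before
    the request reaches the application."""
    return {k: v for k, v in request_headers.items() if k.lower() != "proxy"}


if __name__ == "__main__":
    env = cgi_environ({"SERVER_NAME": "site.example"}, SAMPLE_HEADERS)
    print("unpatched client uses:", proxy_trusting_env(env))
    print("cli-only client uses: ", proxy_cli_only(env, "fpm-fcgi"))
    clean = cgi_environ({}, strip_proxy_header(SAMPLE_HEADERS))
    print("after stripping header:", clean.get("HTTP_PROXY"))
```

Stripping the header at the web server or load balancer protects every application behind it, while the CLI-only check protects the client library even when the edge is misconfigured.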