"Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access. ... If you are using Drupal 9.2, update to Drupal 9.2.9. If you are using Drupal 9.1, update to Drupal 9.1.14. If you are using Drupal 8.9, update to Drupal 8.9.20." Please bump.
commit 2a62cefe6dd6583f8d8de73447a70be15396bf52 Author: Alfredo Tupone <tupone@gentoo.org> Date: Wed May 4 11:35:32 2022 +0200 www-apps/drupal: drop old versions
Thanks!