UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 new v15.0 appliances, plus other notes of interest.
Late last week, the Drupal Security Team announced a "Highly critical" remote code execution vulnerability that affects Drupal 6 (EOL), Drupal 7 and Drupal 8. SA-CORE-2018-002 dubbed "Drupalgeddon2" was discovered by Jasper Mattsson. Drupal scores it a whopping 21 (out of a possible 25) "Security Risk Level". All users are recommended to update their Drupal sites immediately.