Last week we had advanced warning of a critical security update to Drupal core versions 6, 7 and 8. The message was that we should do these updates immediately as a remotely exploitable hole was being fixed.
The patches were due for release at 7pm GMT and we waited with developers across the world as the Drupal site crashed briefly. By 8pm we had the new code and by 10pm all of our sites were either patched with the short term fix supplied by Drupal or updated to the new secure release.
The whole process was handled very well by the Drupal Security Team and allowed developers to patch sites very quickly. The exploit hasn't been explicitly described as yet and we are not aware of any Drupal sites being compromised anywhere in the world. Read more on here on The Register: