Drupal: Security update

social 8.x-6.5

1 week 4 days ago
Release notes

This fixes a bypass found for the social_magic_login for more info check:
Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Download Size md5 hash social-8.x-6.5-core.tar.gz 30.96 MB 1bc50ef8956aca773bda90e201fbb11c social-8.x-6.5-core.zip 45.9 MB 364d85cdf7bcf46e4a5342fff97f49c5 social-8.x-6.5-no-core.tar.gz 13.9 MB 83070f97820943f4f243542bbc08e7ce social-8.x-6.5-no-core.zip 18.22 MB e478e819c35305387e81e86414427a2f social-8.x-6.5.tar.gz 6.42 MB 6ad301d6d8780a01f10e5f1c0e38f905 social-8.x-6.5.zip 8.09 MB 56439359c570a309627320823a4cc19f Last updated: 6 Nov 2019 at 05:53 UTCOfficial release from tag: 8.x-6.5In this package Project Version Status Entity Reference Revisions 8.x-1.6 Update available Field Group 8.x-3.0-beta1 Update available Flag 8.x-4.0-alpha3 Update available1 patch applied Group 8.x-1.0-rc2 Update available6 patches applied Like & Dislike 8.x-1.0-alpha2 Update available1 patch applied Message 8.x-1.0-rc2 Update available1 patch applied Metatag 8.x-1.9 Update available Paragraphs 8.x-1.8 Update available Pathauto 8.x-1.4 Update available Private Message 8.x-1.2 Update available2 patches applied Profile 8.x-1.0-rc6 Update available Search API 8.x-1.14 Update available Address 8.x-1.7 Up to date Admin Toolbar 8.x-1.27 Up to date Block field 8.x-1.0-alpha8 Up to date1 patch applied Bootstrap 8.x-3.20 Up to date1 patch applied Chaos Tool Suite (ctools) 8.x-3.2 Up to date Configuration Update Manager 8.x-1.6 Up to date Crop API 8.x-1.5 Up to date1 patch applied CSV Serialization 8.x-2.0-beta1 Up to date Data Policy 8.x-1.0-beta6 Up to date Devel 8.x-2.1 Up to date Dynamic Entity Reference 8.x-1.7 Up to date Embed 8.x-1.0 Up to date Entity API 8.x-1.0-rc3 Up to date EXIF Orientation 8.x-1.0 Up to date Features 8.x-3.8 Up to date File metadata manager 8.x-1.1 Up to date Image Effects 8.x-2.3 Up to date Image Widget Crop 8.x-2.2 Up to date1 patch applied Lazy-load 8.x-2.0 Up to date2 patches applied Link CSS 8.x-1.x-dev Up to date Mail System 8.x-4.1 Up to date Override Node Options 8.x-2.4 Up to date Redirect 8.x-1.4 Up to date Redirect 403 to User Login 8.x-1.1 Up to date1 patch applied Shariff Social Media Buttons 8.x-1.5 Up to date Social API 8.x-1.1 Up to date Social Auth 8.x-1.0 Up to date Swift Mailer 8.x-1.0-beta2 Up to date1 patch applied Token 8.x-1.5 Up to date URL Embed 8.x-1.0-alpha1 Up to date3 patches applied Views Bulk Operations (VBO) 8.x-2.5 Up to date Views Infinite Scroll 8.x-1.6 Up to date Voting API 8.x-3.0-beta1 Up to date Patches applied in this package Project Patch issue Patch URL Block field #2978883: Add proper alter hooks for field rendering https://www.drupal.org/files/issues/2018-06-11/block_field-add-proper-alter-hooks-for-field-rendering-2978883-2.patch Bootstrap #3021413: Dropdown toggle variable ignored when using links__dropbutton https://www.drupal.org/files/issues/2018-12-19/dropdown-without-default-button-3021413-2.patch Crop API #2830768: Automated crop integration https://www.drupal.org/files/issues/2018-12-16/2830768-crop-automated_crop_integration-45.patch Drupal core #2974925: Default 'rid' value for Change User Roles causes an illegal error https://www.drupal.org/files/issues/2018-05-24/2974925-default-rid-config-causes-illegal-error.patch Drupal core #2528214: "Restrict images to this site" blocks image style derivatives https://www.drupal.org/files/issues/2018-10-26/2528214-47.patch Drupal core #2580551: Optimize getCommentedEntity() https://www.drupal.org/files/issues/2018-12-28/2580551-72.patch Drupal core #3007424: Multiple usages of FieldPluginBase::getEntity do not check for NULL, leading to WSOD https://www.drupal.org/files/issues/2019-05-06/drupal-Multiple-usages-of-FieldPluginBase-getEntity-3007424-15.patch Drupal core #2844190: Color module - Make preview_html optional https://www.drupal.org/files/issues/color-optional-html-preview-2844190-2.patch Drupal core #994360: #states cannot check/uncheck 'radios' and 'checkboxes' elements https://www.drupal.org/files/issues/drupal-994360-74-states-checkboxes-checked.patch Flag #2723703: Add relationship to flagged entities when Flagging is base table https://www.drupal.org/files/issues/2723703_31.patch Group #3010896: Don't try to re-save deleted entities https://www.drupal.org/files/issues/2018-11-01/3010896-02.patch Group #3020883: Use VBO together with group permission https://www.drupal.org/files/issues/2018-12-18/vbo-and-group-permission-3020883-5.patch Group #2774827: Get a token of a node's parent group to create a pathauto pattern https://www.drupal.org/files/issues/2018-12-19/group-2774827-41-gnode-tokens.patch Group #3054534: group_type and content_plugin of group_content_type are translatable https://www.drupal.org/files/issues/2019-05-14/group-content_schema-3054534-2-D8.patch Group #2718195: Add a computed field for entity's group(s) https://www.drupal.org/files/issues/add-computed-field-without-FieldItemListComputedInterface-2718195-34.patch Group #2943564: Separate group overview from 'administer group' permission https://www.drupal.org/files/issues/group-2943564-2.patch Image Widget Crop #3032584: Vertical Tabs get rendered incorrectly https://www.drupal.org/files/issues/2019-02-13/3032584-verticaltabs-theme-override-removal-2.patch Lazy-load #3056630: Getting enabled lazy configuration out of the database instead of the active config conflicts with OVerrides https://www.drupal.org/files/issues/2019-05-23/3056630-2.patch Lazy-load #3071331: Messages rendered on cron with enabled filter format return InvalidArgumentException https://www.drupal.org/files/issues/2019-07-30/3071331-lazy-cron-empty-path-2.patch Like & Dislike #2848080: Preview of nodes fail on trying to build like widget https://www.drupal.org/files/issues/2848080-2-preview-fails-on-node.patch Message #3000026: Notice: Undefined index: value in MessageTemplate->getText() https://www.drupal.org/files/issues/2018-09-16/undefined-index-value-3000026-2.patch Private Message #2978324: getThreadIdsForUser should be ordered DESC because it will not show message after the count https://www.drupal.org/files/issues/2018-06-08/2978324-getthreads-sort-order-2.patch Private Message #2977310: Own send messages are shown as new messages https://www.drupal.org/files/issues/2019-02-05/private_message-message_count-2977310-8_0.patch Redirect 403 to User Login #3010747: r4032login should perform access check for /user/login as anonymous user https://www.drupal.org/files/issues/2018-11-01/3010747-3-perform-access-check-as-an-user.patch Swift Mailer #2948607: Error after updating to beta2 https://www.drupal.org/files/issues/2018-03-26/2948607-fix-filter-format-1.patch URL Embed #2867668: Add a caching layer for oembed data https://www.drupal.org/files/issues/2018-03-16/url_embed-caching-layer-2867668-17.patch URL Embed #2953591: Translate dialog title https://www.drupal.org/files/issues/2018-03-16/url_embed_translate_dialog_title-2953591-2.patch URL Embed #2871744: WSOD if wrong url (or network unavailable) with the filter Convert URLs to URLs embed https://www.drupal.org/files/issues/url_embed_WSOD_convert_url_to_embed-2871744-5.patch Release type: Security updateCore compatibility: 8.xPackaged Git sha1: cded1868efd4976076c2b6f52175fd48db81a0dd
ronaldtebrake

social 8.x-7.1

1 week 4 days ago
Release notes

This fixes a bypass found for the social_magic_login for more info check:
Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Download Size md5 hash social-8.x-7.1-core.tar.gz 31.25 MB 5ec50731f8b87f826fa8ce37a6420fd4 social-8.x-7.1-core.zip 46.27 MB c672f5f46be63486020aac4835987323 social-8.x-7.1-no-core.tar.gz 14.19 MB 2bac4c88fbd716902e2960ff6ddf021b social-8.x-7.1-no-core.zip 18.58 MB b24c2c7b1a69ff3bc7b7545bc9c1ede7 social-8.x-7.1.tar.gz 6.63 MB 864b66ef2f13b641e309df014c1c3d4c social-8.x-7.1.zip 8.34 MB 65883d58dae4fbe69b52c45baa233ac4 Last updated: 6 Nov 2019 at 05:53 UTCOfficial release from tag: 8.x-7.1In this package Project Version Status Entity Reference Revisions 8.x-1.6 Update available Field Group 8.x-3.0-beta1 Update available Flag 8.x-4.0-alpha3 Update available1 patch applied Like & Dislike 8.x-1.0-alpha2 Update available1 patch applied Message 8.x-1.0-rc2 Update available1 patch applied Metatag 8.x-1.9 Update available Paragraphs 8.x-1.8 Update available Pathauto 8.x-1.4 Update available Private Message 8.x-1.2 Update available2 patches applied Profile 8.x-1.0-rc6 Update available Search API 8.x-1.14 Update available Views Bulk Operations (VBO) 8.x-3.2 Update available1 patch applied Address 8.x-1.7 Up to date Admin Toolbar 8.x-1.27 Up to date Better Exposed Filters 8.x-3.0-alpha6 Up to date Block field 8.x-1.0-alpha8 Up to date1 patch applied Bootstrap 8.x-3.20 Up to date1 patch applied Chaos Tool Suite (ctools) 8.x-3.2 Up to date Configuration Update Manager 8.x-1.6 Up to date Crop API 8.x-1.5 Up to date1 patch applied CSV Serialization 8.x-2.0-beta1 Up to date Data Policy 8.x-1.0-beta6 Up to date Devel 8.x-2.1 Up to date Dynamic Entity Reference 8.x-1.7 Up to date Embed 8.x-1.0 Up to date Entity API 8.x-1.0-rc3 Up to date EXIF Orientation 8.x-1.0 Up to date Features 8.x-3.8 Up to date File metadata manager 8.x-1.1 Up to date Group 8.x-1.0-rc4 Up to date7 patches applied Image Effects 8.x-2.3 Up to date Image Widget Crop 8.x-2.2 Up to date1 patch applied Lazy-load 8.x-2.0 Up to date2 patches applied Link CSS 8.x-1.x-dev Up to date Mail System 8.x-4.1 Up to date Override Node Options 8.x-2.4 Up to date Redirect 8.x-1.4 Up to date Redirect 403 to User Login 8.x-1.1 Up to date1 patch applied Shariff Social Media Buttons 8.x-1.5 Up to date Social API 8.x-1.1 Up to date Social Auth 8.x-1.0 Up to date Swift Mailer 8.x-1.0-beta2 Up to date1 patch applied Token 8.x-1.5 Up to date URL Embed 8.x-1.0-alpha1 Up to date3 patches applied Views Infinite Scroll 8.x-1.6 Up to date Voting API 8.x-3.0-beta1 Up to date Patches applied in this package Project Patch issue Patch URL Block field #2978883: Add proper alter hooks for field rendering https://www.drupal.org/files/issues/2018-06-11/block_field-add-proper-alter-hooks-for-field-rendering-2978883-2.patch Bootstrap #3021413: Dropdown toggle variable ignored when using links__dropbutton https://www.drupal.org/files/issues/2018-12-19/dropdown-without-default-button-3021413-2.patch Crop API #2830768: Automated crop integration https://www.drupal.org/files/issues/2018-12-16/2830768-crop-automated_crop_integration-45.patch Drupal core #2974925: Default 'rid' value for Change User Roles causes an illegal error https://www.drupal.org/files/issues/2018-05-24/2974925-default-rid-config-causes-illegal-error.patch Drupal core #2528214: "Restrict images to this site" blocks image style derivatives https://www.drupal.org/files/issues/2018-10-26/2528214-47.patch Drupal core #2580551: Optimize getCommentedEntity() https://www.drupal.org/files/issues/2018-12-28/2580551-72.patch Drupal core #3007424: Multiple usages of FieldPluginBase::getEntity do not check for NULL, leading to WSOD https://www.drupal.org/files/issues/2019-05-06/drupal-Multiple-usages-of-FieldPluginBase-getEntity-3007424-15.patch Drupal core #2844190: Color module - Make preview_html optional https://www.drupal.org/files/issues/color-optional-html-preview-2844190-2.patch Drupal core #994360: #states cannot check/uncheck 'radios' and 'checkboxes' elements https://www.drupal.org/files/issues/drupal-994360-74-states-checkboxes-checked.patch Flag #2723703: Add relationship to flagged entities when Flagging is base table https://www.drupal.org/files/issues/2723703_31.patch Group #3010896: Don't try to re-save deleted entities https://www.drupal.org/files/issues/2018-11-01/3010896-02.patch Group #2774827: Get a token of a node's parent group to create a pathauto pattern https://www.drupal.org/files/issues/2018-12-19/group-2774827-41-gnode-tokens.patch Group #3029849: Statically cache gnode_node_grants() https://www.drupal.org/files/issues/2019-01-31/gnode-access-grants-3029849-2.patch Group #3029878: Statically cache loadByEntity() https://www.drupal.org/files/issues/2019-01-31/gnode-loadbyentity-3029878-2.patch Group #3062380: After update to rc3 /admin/group view (groups list) is not found https://www.drupal.org/files/issues/2019-08-02/group-3062380-15.patch Group #3020883: Use VBO together with group permission https://www.drupal.org/files/issues/2019-10-09/vbo-and-group-permission-3020883-10.patch Group #2718195: Add a computed field for entity's group(s) https://www.drupal.org/files/issues/add-computed-field-without-FieldItemListComputedInterface-2718195-34.patch Image Widget Crop #3032584: Vertical Tabs get rendered incorrectly https://www.drupal.org/files/issues/2019-02-13/3032584-verticaltabs-theme-override-removal-2.patch Lazy-load #3056630: Getting enabled lazy configuration out of the database instead of the active config conflicts with OVerrides https://www.drupal.org/files/issues/2019-05-23/3056630-2.patch Lazy-load #3071331: Messages rendered on cron with enabled filter format return InvalidArgumentException https://www.drupal.org/files/issues/2019-07-30/3071331-lazy-cron-empty-path-2.patch Like & Dislike #2848080: Preview of nodes fail on trying to build like widget https://www.drupal.org/files/issues/2848080-2-preview-fails-on-node.patch Message #3000026: Notice: Undefined index: value in MessageTemplate->getText() https://www.drupal.org/files/issues/2018-09-16/undefined-index-value-3000026-2.patch Private Message #2978324: getThreadIdsForUser should be ordered DESC because it will not show message after the count https://www.drupal.org/files/issues/2018-06-08/2978324-getthreads-sort-order-2.patch Private Message #2977310: Own send messages are shown as new messages https://www.drupal.org/files/issues/2019-02-05/private_message-message_count-2977310-8_0.patch Redirect 403 to User Login #3010747: r4032login should perform access check for /user/login as anonymous user https://www.drupal.org/files/issues/2018-11-01/3010747-3-perform-access-check-as-an-user.patch Swift Mailer #2948607: Error after updating to beta2 https://www.drupal.org/files/issues/2018-03-26/2948607-fix-filter-format-1.patch URL Embed #2867668: Add a caching layer for oembed data https://www.drupal.org/files/issues/2018-03-16/url_embed-caching-layer-2867668-17.patch URL Embed #2953591: Translate dialog title https://www.drupal.org/files/issues/2018-03-16/url_embed_translate_dialog_title-2953591-2.patch URL Embed #2871744: WSOD if wrong url (or network unavailable) with the filter Convert URLs to URLs embed https://www.drupal.org/files/issues/url_embed_WSOD_convert_url_to_embed-2871744-5.patch Views Bulk Operations (VBO) #3042494: Trigger VBO Ajax action on jQuery checkbox change, not keyboard/mouse UI https://www.drupal.org/files/issues/2019-09-19/3042494-trigger-vbo-action-on-jquery-checkbox-change-5.patch Release type: Security updateCore compatibility: 8.xPackaged Git sha1: de3c4ac24a36b9043e0d53462f12aeba6708a342
ronaldtebrake

bat 8.x-1.2

1 month ago
Release notesContributors (1)

fietserwin

Jelle_S

larowlan

Changelog

Issues: 2 issues resolved.

Changes since 8.x-1.1:

Bug Security Update Download Size md5 hash bat-8.x-1.2.tar.gz 126.93 KB e94a6471289ff81c80f6b7221433d246 bat-8.x-1.2.zip 263.79 KB 801fec0cb60f723098b649d44cecf96b Last updated: 16 Oct 2019 at 16:13 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updateBug fixesPackaged Git sha1: 1f52b11254df0f7f6c84da4f11e0a8ddeac8c415
greggles

img_annotator 8.x-1.2

1 month ago
Release notes

Security release

Original unsupport security advisory

Contributors (8)

Grimreaper, Pere Orga, David_Rothstein, abhaysaraf, greggles, rooby, mlhess, larowlan

Changelog

Issues: 1 issues resolved.

Changes since 8.x-1.1:

Task Download Size md5 hash img_annotator-8.x-1.2.tar.gz 15.96 KB 054ea1ab1e759ca98cd1d899d45a9d42 img_annotator-8.x-1.2.zip 23.84 KB 0b99d6bdad60cb77892ee533f59fe7bb Last updated: 16 Oct 2019 at 13:33 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updateBug fixesPackaged Git sha1: 987d852576deac0652de425898900174bed67f6e
greggles

img_annotator 7.x-1.2

1 month ago
Release notes

Security release

Original unsupport security advisory

Contributors (8)

Grimreaper, Pere Orga, David_Rothstein, abhaysaraf, greggles, rooby, mlhess, larowlan

Changelog

Issues: 1 issues resolved.

Changes since 7.x-1.1:

Task Download Size md5 hash img_annotator-7.x-1.2.tar.gz 14.34 KB 89ee0d956f4c788485a4727cd6194072 img_annotator-7.x-1.2.zip 16.76 KB ca899a35a7b85f4db4ea41063b5c66a4 Last updated: 16 Oct 2019 at 13:33 UTCOfficial release from tag: 7.x-1.2Core compatibility: 7.xRelease type: Security updateBug fixesPackaged Git sha1: 821e0076daef0fc28bd5c7e76b5dc749061f3feb
greggles

maxlength 7.x-3.3

1 month 1 week ago
Release notes

See Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073.

Download Size md5 hash maxlength-7.x-3.3.tar.gz 15.58 KB 7d765c2646d9a02fbcd9e2d76b9aee32 maxlength-7.x-3.3.zip 17.69 KB 9ee39ae265dfaf62de96ef3eaed2da78 Last updated: 9 Oct 2019 at 15:08 UTCOfficial release from tag: 7.x-3.3Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: c9db941b6e831dc9326c2919875d57ce98620159
greggles

simple_amp 8.x-1.16

1 month 2 weeks ago
Release notes

This release fixes access issue of AMP version of unpublished or otherwise access controlled nodes.

Simple AMP (Accelerated Mobile Pages) - Moderately critical - Access bypass - SA-CONTRIB-2019-071

Download Size md5 hash simple_amp-8.x-1.16.tar.gz 27.21 KB d363c90198781ce17d40b59b13787478 simple_amp-8.x-1.16.zip 50.78 KB 96de2d2c94fb54dd7f1ec46d677bc1e4 Last updated: 2 Oct 2019 at 16:08 UTCOfficial release from tag: 8.x-1.16Core compatibility: 8.xRelease type: Security updateShort description: This release fixes access issue of AMP version of unpublished nodes.Packaged Git sha1: 0973d33a4e2d66ab3ba8b10da3bf28c56c366734
minnur

l10n_update 6.x-1.0-beta4

1 month 2 weeks ago
Release notesSecurity
  • Fixes Translations directory is not protected from executing scripts
Bugs
  • Backport from #2068683: hook_requirements() causes a refresh even when update frequency is set to 'check manually'
  • Issue #1883154 backport form D6: Translation version should not be more recent than core or module version.
  • Issue #1508016 by igor.ro: Fixed Drush set error if no translations to update.
  • Issue #1541624 by Sutharsan: Fixed Column l10n_update_project.server is NULL.
Download Size md5 hash l10n_update-6.x-1.0-beta4.tar.gz 37.06 KB 8a9a3fef9b28c5929241ce75b33c22ba l10n_update-6.x-1.0-beta4.zip 44.45 KB 36f8117299f71867e2c055120b9077bc Last updated: 1 Oct 2019 at 21:18 UTCOfficial release from tag: 6.x-1.0-beta4Core compatibility: 6.xRelease type: Security updateShort description: Fixes Translations directory is not protected from executing scriptsPackaged Git sha1: fa0d88aff4c6a6c006a36b58c0cfb3bfb7c3e03d
Sutharsan

l10n_update 7.x-2.3

1 month 2 weeks ago
Release notesSecurity Bugs
  • Issue #2922809 by Sutharsan: When trying to update i have "Recoverable fatal error: Argument 2 passed to format_string"
  • Issue #2916227 by Stevel: Fix head tests for l10n_update
Download Size md5 hash l10n_update-7.x-2.3.tar.gz 79.42 KB 6f0fafe8df31b8881e1bb7b57fb2fe70 l10n_update-7.x-2.3.zip 109.94 KB 2c2f0170a8e05c00560ec27fad6a0ace Last updated: 1 Oct 2019 at 20:58 UTCOfficial release from tag: 7.x-2.3Core compatibility: 7.xRelease type: Security updateShort description: Fixes Translations directory is not protected from executing scriptsPackaged Git sha1: afd90e91af5eca58e3830b51babe43dba30c8aeb
Sutharsan

l10n_update 7.x-1.2

1 month 2 weeks ago
Release notesSecurity Bugs
  • Issue #2591673 by hass: Schema inconsistencies
  • Issue #2594455 by Sutharsan: Backport translation download fallback
  • Backport from 7.x-2.x of issue #2559367: Issue with modules long names
  • By Sutharsan: PHP notice when project has no name in the info file.
Download Size md5 hash l10n_update-7.x-1.2.tar.gz 47.03 KB 59e69303b294c2f0c8a3079caaf99613 l10n_update-7.x-1.2.zip 58.73 KB 3dca5659b350bd2870c08ad8d33a2ad8 Last updated: 1 Oct 2019 at 20:58 UTCOfficial release from tag: 7.x-1.2Core compatibility: 7.xRelease type: Security updateShort description: Fixes Translations directory is not protected from executing scriptsPackaged Git sha1: abfe515a7a22a089385b56ef6461505c08857452
Sutharsan

ubercart 7.x-3.13

1 month 2 weeks ago
Release notes

Security release to fix Ubercart - Moderately critical - Cross-site-scripting

Ubercart - Moderately critical - Cross site scripting - SA-CONTRIB-2019-070

Two minor compatibility fixes for PHP 7.1 and above are also included.

No other significant changes have been made since the 7.x-3.12 release.

Download Size md5 hash ubercart-7.x-3.13.tar.gz 608.44 KB c0cb2ee62679786db6d35ba784321d89 ubercart-7.x-3.13.zip 907.16 KB 7509ef7e15ef802d432b7aa49aa8d687 Last updated: 1 Oct 2019 at 15:03 UTCOfficial release from tag: 7.x-3.13Core compatibility: 7.xRelease type: Security updateBug fixesPackaged Git sha1: ddcbd6b0fef4577361f397b76b92f0aec79f9f29
longwave

gutenberg 8.x-1.8

1 month 3 weeks ago
Release notes

Add access permission to block controller routes and other routes.

Gutenberg - Critical - Access bypass - SA-CONTRIB-2019-069.

Download Size md5 hash gutenberg-8.x-1.8.tar.gz 845.57 KB 8f1e1515cc6bd9b6bf8c47cba70949d3 gutenberg-8.x-1.8.zip 989.27 KB 5bba470fdd7c9e7b4634c8fdb95492a3 Last updated: 25 Sep 2019 at 13:48 UTCOfficial release from tag: 8.x-1.8Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: 119db575c0915e0e057b4262250c69eed1857eb1
marcofernandes

permissions_by_term 8.x-2.11

1 month 3 weeks ago
Release notes
  • Added a test to check if unpublished nodes remain inaccessible to anonymous users
  • Before deciding on access permissions, check if an entity is even using restricted terms, otherwise just return neutral

Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068

Download Size md5 hash permissions_by_term-8.x-2.11.tar.gz 665.17 KB 38757631f5c028c2b99fa4bb1a11af95 permissions_by_term-8.x-2.11.zip 716.82 KB 788431dcde10c20936effb962f3809ca Last updated: 25 Sep 2019 at 07:28 UTCOfficial release from tag: 8.x-2.11Core compatibility: 8.xRelease type: Security updateBug fixesPackaged Git sha1: c2bfd4c21837662ca6deec2821e9585151b5be8c
Peter Majmesku

create_user_permission 8.x-1.2

1 month 4 weeks ago
Release notes

Fixes an issue where the module would prevent the setting "Who can register accounts? Visitors, but administrator approval is required try to register an account" to have an effect.

Fixes SA-CONTRIB-2019-066.

Download Size md5 hash create_user_permission-8.x-1.2.tar.gz 9.08 KB 15e4986d6b085d7e147deb620f2545a6 create_user_permission-8.x-1.2.zip 13.4 KB aab488f3439e95db8dd428541de10738 Last updated: 18 Sep 2019 at 06:08 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: 85c9faa17c6fcbfc69c16ec994403767dadfcd57
eiriksm

tablefield 8.x-2.1

2 months ago
Release notes

This is a security update for tablefield.

Fixes SA-CONTRIB-2019-067.

Download Size md5 hash tablefield-8.x-2.1.tar.gz 21.46 KB 77068931e6040664afc538e4448bf0b5 tablefield-8.x-2.1.zip 33.74 KB beffd781a9163f32d7382fefdeeaecc8 Last updated: 17 Sep 2019 at 15:53 UTCOfficial release from tag: 8.x-2.1Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: a0024035ed89fce3dfb171f5e64570a1ee612432
lolandese

gutenberg 8.x-1.7

2 months 1 week ago
Release notes

This release was followed up by 8.x-1.8 and all users interested in this release should actually use 8.x-1.8 or later release. However, since this release has relevant release notes with fixed issues it is published for posterity.

Security release

All routing paths defined on the module (gutenberg.routing.yml) have "access content" permission which allows anonymous users to access all those routes.

Fixes Download Size md5 hash gutenberg-8.x-1.7.tar.gz 845.38 KB c1c4d46739b18924018a328a9aa88c54 gutenberg-8.x-1.7.zip 988.98 KB 5509ca8509175a592d79c249d860b4c9 Last updated: 9 Sep 2019 at 13:18 UTCOfficial release from tag: 8.x-1.7Core compatibility: 8.xRelease type: InsecureSecurity updateBug fixesPackaged Git sha1: 89bfde61760a08d3c154cb7b2148495e09cb00ec
marcofernandes

imagecache_external 8.x-1.1

2 months 4 weeks ago
Release notes

Imagecache External - Critical - Insecure session token management - SA-CONTRIB-2019-065

Since the first release back in 2016, a lot of work has been done. This release also includes a security update.

Download Size md5 hash imagecache_external-8.x-1.1.tar.gz 17.76 KB 0e6c7677987f0d5fb21e55d7d8d1c966 imagecache_external-8.x-1.1.zip 25.05 KB 9a4463ba3a8fde8f4221e1572ba8284c Last updated: 20 Aug 2019 at 20:18 UTCOfficial release from tag: 8.x-1.1Core compatibility: 8.xRelease type: Security updateBug fixesNew featuresPackaged Git sha1: 1baf5ddf31d98d8d318735bc9833453a0c627e64
BarisW

scroll_to_top 7.x-2.2

3 months ago
Release notes

Fix XSS vulnerability from administration settings.

scroll to top - Moderately critical - Cross site scripting - SA-CONTRIB-2019-061

Download Size md5 hash scroll_to_top-7.x-2.2.tar.gz 10 KB 6b5c93242007381204e2d817b5520234 scroll_to_top-7.x-2.2.zip 11.48 KB 7e48570b6d13281cc4d0776a97c4df7e Last updated: 13 Aug 2019 at 20:08 UTCOfficial release from tag: 7.x-2.2Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: e65960ab66b1e6f5af1dad6bab800339ef1e1192
tarekdj

super_login 8.x-1.3

3 months ago
Release notes

Fixes to prevent XXS on administrative input fields.

Super Login - Moderately critical - Cross site scripting - SA-CONTRIB-2019-062

Download Size md5 hash super_login-8.x-1.3.tar.gz 13.73 KB 0f7b7873b266f4c6ff152ed47ea1dc84 super_login-8.x-1.3.zip 19.14 KB 85170c70ddc200850460f2c1d289bba0 Last updated: 13 Aug 2019 at 17:23 UTCOfficial release from tag: 8.x-1.3Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: 0721160fc8445bfb34f56f854e2171fa3551e910
3CWebDev

super_login 7.x-1.4

3 months ago
Release notes

Fixes to prevent XXS on administrative input fields.

Super Login - Moderately critical - Cross site scripting - SA-CONTRIB-2019-062

Download Size md5 hash super_login-7.x-1.4.tar.gz 21.23 KB f2a11bd9e417b3adb0f8bf778b914ef8 super_login-7.x-1.4.zip 24.26 KB d1738f50119f46704a0d4f1e6950c027 Last updated: 13 Aug 2019 at 16:48 UTCOfficial release from tag: 7.x-1.4Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 0cb08f5e8a4c4bca8b3e40836f14f696c1146c36
3CWebDev
Checked
1 hour 8 minutes ago
Subscribe to Drupal: Security update feed