Drupal: Security update

drupal 8.7.5

5 days 7 hours ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.7.x will receive security coverage until June 3, 2020 when Drupal 8.9.0 is released.
  • Sites on 8.6.x or earlier do not require an update for this release.
  • Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.
Important update information
  • For sites with the Workspaces module enabled, update.php needs to run to ensure a required cache clear. If there is a reverse proxy cache or content delivery network (e.g. Varnish, CloudFlare) it is also advisable to clear these as well.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Download Size md5 hash drupal-8.7.5.tar.gz 17.02 MB 39cc326d9db1b4acce9b8716193189fd drupal-8.7.5.zip 27.17 MB 6ce957e2ff480db3e2f3eb84c01078e0 Last updated: 17 Jul 2019 at 16:28 UTCOfficial release from tag: 8.7.5Core compatibility: 8.xRelease type: Security updateShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 7861b6b23996134c5e44bf287e5431db1ddd0cda
xjm

imagecache_actions 7.x-1.10

5 days 16 hours ago
Release notes

Fixes: ImageCache Actions - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-056

  • Use json for exporting image styles.
  • Introduce new permission for importing image styles marked as having security implications.
Download Size md5 hash imagecache_actions-7.x-1.10.tar.gz 2.01 MB 6d9bb9c19a9a9bf6a2f63596e3210140 imagecache_actions-7.x-1.10.zip 2.05 MB 8479cc9a2805cf3a5ddf5ca8af52f07c Last updated: 17 Jul 2019 at 06:48 UTCOfficial release from tag: 7.x-1.10Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: ce4e1f53013a3bb28e161eab8ad06ecdf8b129d0
fietserwin

metatags_quick 7.x-2.10

6 days 9 hours ago
Release notes

Fixes: Meta tags quick - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-057

Download Size md5 hash metatags_quick-7.x-2.10.tar.gz 28.08 KB 21fd5578584a9c5ae391333769b3bc07 metatags_quick-7.x-2.10.zip 36.19 KB f86e23e184ef8a895e0627508d63c1a5 Last updated: 16 Jul 2019 at 14:18 UTCOfficial release from tag: 7.x-2.10Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 1c9ee5c3d076f40463a0ece02e9bafaadf53174a
valthebald

config_perms 8.x-1.2

1 week 5 days ago
Release notes

Also fixes Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055.

Contributors (3)

alonaoneill, volkswagenchick, Pavan B S

Changelog

Issues: 2 issues resolved.

Changes since 8.x-1.1:

Task Download Size md5 hash config_perms-8.x-1.2.tar.gz 12.89 KB 3ae9c3f37346096ee4795be72337694c config_perms-8.x-1.2.zip 21.22 KB 1cbf8279d91727ff6d2660ed768d33ff Last updated: 10 Jul 2019 at 16:23 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: 5ad12408b245077be9b4df2c59ad063409ce64ad
gnuget

advanced_forum 7.x-2.8

3 weeks 5 days ago
Release notes

Fixes Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054

Changes since 7.x-2.6:

  • Tweaks to preprocessing.
  • #2745251 by Michelle: Empty text should not assume filtered_html format exists
  • #2612528 by Елин Й.: "Quick reply" link doesn't work if the comment form gets an id like "comment-form--2"
  • Add gitignore
  • #2612528 by pc-wurm: "Quick reply" link doesn't work if the comment form gets an id like "comment-form--2"
  • #2599500 by eugene.ilyin, podarok: Opportunity to use fields from taxonomy term on the forum form

(Note that there was no 7.x-2.7 as 7.x-2.7-rc0 didn't progress to a full release.)

Download Size md5 hash advanced_forum-7.x-2.8.tar.gz 165.02 KB 8a3f97ca4a4821b6a8ebb1853d3a0e37 advanced_forum-7.x-2.8.zip 239.2 KB aa6982277b7e1577b052e340367e1486 Last updated: 26 Jun 2019 at 11:18 UTCOfficial release from tag: 7.x-2.8Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: b22fdfe2ffc3b1d3f12e9cc2be0ecdb8d088f2d1
mcdruid

easy_breadcrumb 7.x-2.17

1 month ago
Release notes

Fixes Easy Breadcrumb - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-053

Changes since 7.x-2.16:

Special thanks to jgarlan and pkaur for the original report and mcdruid from the Drupal Security Team to resolve the issue.

Download Size md5 hash easy_breadcrumb-7.x-2.17.tar.gz 17.57 KB 9c1ff08419ec6450215ae88375d32fb0 easy_breadcrumb-7.x-2.17.zip 21.58 KB 1aa368a23c0a86f6808956b1133ebe91 Last updated: 19 Jun 2019 at 12:03 UTCOfficial release from tag: 7.x-2.17Core compatibility: 7.xRelease type: Security updateShort description: Release has a major improvement to handling texts.Packaged Git sha1: 92ffa3ceefe6631ec60a43a63c0dca4fd1203fa3
tatarbj

uuid 7.x-1.3

1 month 3 weeks ago
Release notes

Changes since 7.x-1.2:

Download Size md5 hash uuid-7.x-1.3.tar.gz 36.82 KB 2645ca9ea69e1ac3034f6b9270730279 uuid-7.x-1.3.zip 49.35 KB b637dab36f016b666d1b515b36c9d8f6 Last updated: 29 May 2019 at 17:28 UTCOfficial release from tag: 7.x-1.3Core compatibility: 7.xRelease type: Security updateBug fixesPackaged Git sha1: 23029446120ed1ed51d9281c4741721c7b5cae5b
Manuel Garcia

tablefield 7.x-3.5

1 month 3 weeks ago
Release notes

This is a security update for tablefield.
See https://www.drupal.org/sa-contrib-2019-051 for more info

Download Size md5 hash tablefield-7.x-3.5.tar.gz 33.78 KB 8cb6b81cd27a59122ef88b100cda1e2b tablefield-7.x-3.5.zip 36.92 KB 58b21b4da1ad6db4c4bc389de6ec45d5 Last updated: 29 May 2019 at 08:28 UTCOfficial release from tag: 7.x-3.5Core compatibility: 7.xRelease type: Security updateShort description: This is a security update for tablefield.Packaged Git sha1: 033451ea5b4f849a0a7b3c03f1992930e080057b
jenlampton

tablefield 7.x-2.8

1 month 3 weeks ago
Release notes

This is a security update for tablefield.
See https://www.drupal.org/sa-contrib-2019-051 for more info

Download Size md5 hash tablefield-7.x-2.8.tar.gz 22.91 KB 172364659b4e6b9dd7b3cb544ffe477e tablefield-7.x-2.8.zip 25 KB 438b9600b809f28006c4e3fbb39ea392 Last updated: 29 May 2019 at 08:23 UTCOfficial release from tag: 7.x-2.8Core compatibility: 7.xRelease type: Security updateShort description: This is a security update for tablefield.Packaged Git sha1: 4928ca3d5b29c2dfbccc58ef96e3a0486703f289
jenlampton

workflow 7.x-2.12

2 months ago
Release notes

Fixes SA-CONTRIB-2019-049

This new release contains the following bug fixes:

  • Incorrect translations
  • 'object' type declaration is not present in PHP version 7.1 or earlier
  • "Show the form in a fieldset?" setting is not saved
  • Workflow Field integration with Views and some minor issues
  • WSOD "Call to a member function label() on a non-object" when trying to import a Workflow
  • Notify on (created) -> Whatever
Download Size md5 hash workflow-7.x-2.12.tar.gz 165.97 KB 77d9becd82fed1ceb988277abaa55d78 workflow-7.x-2.12.zip 227.14 KB 89e9e586f2814ec0f1c50fc77a70604b Last updated: 22 May 2019 at 07:13 UTCOfficial release from tag: 7.x-2.12Core compatibility: 7.xRelease type: Security updateBug fixesPackaged Git sha1: 356844db090d2e70d091da9d90293e4339856962
johnv

menu_item_extras 8.x-2.5

2 months ago
Release notes

Issue #3042824: Drupal 9 Deprecated Code Report
Issue #3030611: Remove dependency on ckeditor
Issue #3032279: Menu Link Parent ID is null
Fixes Menu Item Extras - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2019-050

Download Size md5 hash menu_item_extras-8.x-2.5.tar.gz 2.85 MB eae5de4309523ba35f1aa001115c1133 menu_item_extras-8.x-2.5.zip 2.89 MB 822da506b3c4fd585868119026b5f7df Last updated: 21 May 2019 at 14:23 UTCOfficial release from tag: 8.x-2.5Core compatibility: 8.xRelease type: Security updateBug fixesPackaged Git sha1: f7c668cd77d2758ad7a4b4b1fb1436f289e5c096
ozin

opigno_learning_path 8.x-1.4

2 months 1 week ago
Release notes

Fixing issue regarding anonymous users access to join semi private learning paths

Download Size md5 hash opigno_learning_path-8.x-1.4.tar.gz 269.2 KB 3f21ae245b2a3c0d620a5a2c8eefc471 opigno_learning_path-8.x-1.4.zip 368.62 KB 788f4f0e3fb8dac98df1837c19eef87f Last updated: 15 May 2019 at 07:38 UTCOfficial release from tag: 8.x-1.4Core compatibility: 8.xRelease type: Security updateBug fixesShort description: Fixing issue regarding anonymous users access to join semi private learning pathsPackaged Git sha1: b9b23f6ef07e03b031613a447d44f8bd468855c6
Jamesap

opigno_forum 8.x-1.2

2 months 1 week ago
Release notes

Replacing node access with node grants

Download Size md5 hash opigno_forum-8.x-1.2.tar.gz 11.88 KB 7cd3d591fc78724435ca3820f96c64ff opigno_forum-8.x-1.2.zip 16.42 KB c57df8a1c7f7227a13b21083708dc29b Last updated: 15 May 2019 at 07:33 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updateBug fixesShort description: Replacing node access with node grantsPackaged Git sha1: 77f60bf7c943bb4d55b09a5a8ca8ba1d199636bd
Jamesap

multiple_registration 8.x-2.8

2 months 1 week ago
Release notes

Fixed critical issue related to privilege escalation vulnerability.

Download Size md5 hash multiple_registration-8.x-2.8.tar.gz 19 KB 2e62451b24d5f62f10d4fb5685a53ae0 multiple_registration-8.x-2.8.zip 29.09 KB 68262aaa5399be7da4676570e3d29ac1 Last updated: 14 May 2019 at 16:18 UTCOfficial release from tag: 8.x-2.8Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: f931695af43c2d007c67dad7459ea82a3243ec5e
ysamoylenko

drupal 8.7.1

2 months 2 weeks ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.7.x will receive security coverage until June 3, 2020 when Drupal 8.9.0 is released.
  • Sites on 8.6.x or earlier should update immediately to Drupal 8.6.16 instead, and plan to update to the latest 8.7.x release before December 4, 2019 (when Drupal 8.8.0 is scheduled for release and 8.6.x security coverage ends).
  • Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Known issues Download Size md5 hash drupal-8.7.1.tar.gz 16.99 MB 2cf2a1c93ea785c6ff91d29aebef2697 drupal-8.7.1.zip 27.13 MB d9efdccdfc046e7147c099af3b1492dd Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 8.7.1Core compatibility: 8.xRelease type: Security updateShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 553207a347f92dce802d7ea9e4d9602c5b090775
xjm

drupal 8.6.16

2 months 2 weeks ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Sites on 8.6.x will receive security coverage until December 4, 2019 (when Drupal 8.8.0 is scheduled for release and 8.6.x security coverage ends).
  • Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.
  • Important update information
    • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

    Known issues
Download Size md5 hash drupal-8.6.16.tar.gz 16.36 MB a0683ae0b0ea99845a6bf45383671cb9 drupal-8.6.16.zip 26.07 MB bfa458f26ffc9b5ae70f611ccb8010c3 Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 8.6.16Core compatibility: 8.xRelease type: Security updateShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 9d60ac244d73ffd69d651f52d8642307c22f633a
xjm

drupal 7.67

2 months 2 weeks ago
Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Known issues Download Size md5 hash drupal-7.67.tar.gz 3.16 MB 78b1814e55fdaf40e753fd523d059f8d drupal-7.67.zip 3.67 MB bfb86f927e778589f91492108a2fdd34 Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 7.67Core compatibility: 7.xRelease type: Security updateShort description: Supported until November 2021. Use this version for sites already running Drupal 7.Packaged Git sha1: 09a33aa82ad15d5179322199f694f1fa7e6fb3e2
xjm

drupal 8.7.0-rc1

3 months ago
Release notes

This is a release candidate for the next feature release of Drupal 8. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.

This release fixes security vulnerabilities present in 8.7.0-beta2. Sites are urged to upgrade immediately after reading the security announcement and notes below:

This minor release candidate provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Important update information

For a full list of important changes since 8.6.x, also see the following:

People planning to update to this release should take note of the following important issues:

Important bug fixes

The following important issues are fixed in Drupal 8.7.0-rc1.

Resolved issues from the minor release beta testing program

Beginning with Drupal 8.7.0-beta1, the Drupal Association and the Drupal core maintainers are partnering with agencies and site owners in an official beta testing program for Drupal core minor releases. The program aims to identify and minimize regressions in minor releases. Participating in the program is a way to contribute to the Drupal project and will be credited accordingly.

The following critical issues have been resolved thanks to the beta testing program:

Other important bug fixes Known issues

Search the issue queue for all known issues.

All changes since 8.7.0-beta2 Download Size md5 hash drupal-8.7.0-rc1.tar.gz 16.99 MB b7477fa073172b87aba05c4c719110d1 drupal-8.7.0-rc1.zip 27.27 MB 6529657baa17dbffd1dfc2c84e45e571 Last updated: 18 Apr 2019 at 16:03 UTCOfficial release from tag: 8.7.0-rc1Core compatibility: 8.xRelease type: Security updateBug fixesNew featuresInsecureShort description: Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release.Packaged Git sha1: 7b9a6a5cca81d933bf4dededf6c99fccc1453ffb
xjm

drupal 7.66

3 months ago
Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

update.php must be run after updating to ensure changes from the patch take effect.

Download Size md5 hash drupal-7.66.tar.gz 3.15 MB fe1b9e18d7fc03fac6ff4e039ace5b0b drupal-7.66.zip 3.65 MB b7e313c02c871eddfeb687341f2f0d48 Last updated: 17 Apr 2019 at 20:33 UTCOfficial release from tag: 7.66Core compatibility: 7.xRelease type: Security updateInsecureShort description: Supported until November 2021. Use this version for sites already running Drupal 7.Packaged Git sha1: 9735baff3afe061f98e568c1d1f83d56f3a0212a
xjm

drupal 8.5.15

3 months ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage. Sites on 8.5.x will receive security coverage until May 1, 2019 (when Drupal 8.7.0 is scheduled for release and 8.5.x security coverage ends).

Important update information
  • update.php must be run after updating to ensure changes from the patch take effect.

  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Download Size md5 hash drupal-8.5.15.tar.gz 15.09 MB 7a4ba499132c834e5d33bccae5ac1430 drupal-8.5.15.zip 24.33 MB 36988c72d02b4a3f9870970dc6af43dc Last updated: 17 Apr 2019 at 20:33 UTCOfficial release from tag: 8.5.15Core compatibility: 8.xRelease type: Security updateInsecureInsecureShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: c5bc3922f27c93ab3669428a504212adb801400f
xjm
Checked
14 seconds ago
Subscribe to Drupal: Security update feed