Drupal: Security update

workflow 7.x-2.12

2 days 16 hours ago
Release notes

Fixes SA-CONTRIB-2019-049

This new release contains the following bug fixes:

  • Incorrect translations
  • 'object' type declaration is not present in PHP version 7.1 or earlier
  • "Show the form in a fieldset?" setting is not saved
  • Workflow Field integration with Views and some minor issues
  • WSOD "Call to a member function label() on a non-object" when trying to import a Workflow
  • Notify on (created) -> Whatever
Download Size md5 hash workflow-7.x-2.12.tar.gz 165.97 KB 77d9becd82fed1ceb988277abaa55d78 workflow-7.x-2.12.zip 227.14 KB 89e9e586f2814ec0f1c50fc77a70604b Last updated: 22 May 2019 at 07:13 UTCOfficial release from tag: 7.x-2.12Core compatibility: 7.xRelease type: Security updateBug fixesPackaged Git sha1: 356844db090d2e70d091da9d90293e4339856962
johnv

menu_item_extras 8.x-2.5

3 days 9 hours ago
Release notes

Issue #3042824: Drupal 9 Deprecated Code Report
Issue #3030611: Remove dependency on ckeditor
Issue #3032279: Menu Link Parent ID is null
Fixes Menu Item Extras - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2019-050

Download Size md5 hash menu_item_extras-8.x-2.5.tar.gz 2.85 MB eae5de4309523ba35f1aa001115c1133 menu_item_extras-8.x-2.5.zip 2.89 MB 822da506b3c4fd585868119026b5f7df Last updated: 21 May 2019 at 14:23 UTCOfficial release from tag: 8.x-2.5Core compatibility: 8.xRelease type: Security updateBug fixesPackaged Git sha1: f7c668cd77d2758ad7a4b4b1fb1436f289e5c096
ozin

opigno_learning_path 8.x-1.4

1 week 2 days ago
Release notes

Fixing issue regarding anonymous users access to join semi private learning paths

Download Size md5 hash opigno_learning_path-8.x-1.4.tar.gz 269.2 KB 3f21ae245b2a3c0d620a5a2c8eefc471 opigno_learning_path-8.x-1.4.zip 368.62 KB 788f4f0e3fb8dac98df1837c19eef87f Last updated: 15 May 2019 at 07:38 UTCOfficial release from tag: 8.x-1.4Core compatibility: 8.xRelease type: Security updateBug fixesShort description: Fixing issue regarding anonymous users access to join semi private learning pathsPackaged Git sha1: b9b23f6ef07e03b031613a447d44f8bd468855c6
Jamesap

opigno_forum 8.x-1.2

1 week 2 days ago
Release notes

Replacing node access with node grants

Download Size md5 hash opigno_forum-8.x-1.2.tar.gz 11.88 KB 7cd3d591fc78724435ca3820f96c64ff opigno_forum-8.x-1.2.zip 16.42 KB c57df8a1c7f7227a13b21083708dc29b Last updated: 15 May 2019 at 07:33 UTCOfficial release from tag: 8.x-1.2Core compatibility: 8.xRelease type: Security updateBug fixesShort description: Replacing node access with node grantsPackaged Git sha1: 77f60bf7c943bb4d55b09a5a8ca8ba1d199636bd
Jamesap

multiple_registration 8.x-2.8

1 week 3 days ago
Release notes

Fixed critical issue related to privilege escalation vulnerability.

Download Size md5 hash multiple_registration-8.x-2.8.tar.gz 19 KB 2e62451b24d5f62f10d4fb5685a53ae0 multiple_registration-8.x-2.8.zip 29.09 KB 68262aaa5399be7da4676570e3d29ac1 Last updated: 14 May 2019 at 16:18 UTCOfficial release from tag: 8.x-2.8Core compatibility: 8.xRelease type: Security updatePackaged Git sha1: f931695af43c2d007c67dad7459ea82a3243ec5e
ysamoylenko

drupal 8.7.1

2 weeks 2 days ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Sites on 8.6.x or earlier should update immediately to Drupal 8.6.16 instead, and plan to update to the latest 8.7.x release before December 4, 2019 (when Drupal 8.8.0 is scheduled for release and 8.6.x security coverage ends).

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Known issues Download Size md5 hash drupal-8.7.1.tar.gz 16.99 MB 2cf2a1c93ea785c6ff91d29aebef2697 drupal-8.7.1.zip 27.13 MB d9efdccdfc046e7147c099af3b1492dd Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 8.7.1Core compatibility: 8.xRelease type: Security updateShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 553207a347f92dce802d7ea9e4d9602c5b090775
xjm

drupal 8.6.16

2 weeks 2 days ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage. Sites on 8.6.x will receive security coverage until December 4, 2019 (when Drupal 8.8.0 is scheduled for release and 8.6.x security coverage ends).

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Known issues Download Size md5 hash drupal-8.6.16.tar.gz 16.36 MB a0683ae0b0ea99845a6bf45383671cb9 drupal-8.6.16.zip 26.07 MB bfa458f26ffc9b5ae70f611ccb8010c3 Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 8.6.16Core compatibility: 8.xRelease type: Security updateShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 9d60ac244d73ffd69d651f52d8642307c22f633a
xjm

drupal 7.67

2 weeks 2 days ago
Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Known issues Download Size md5 hash drupal-7.67.tar.gz 3.16 MB 78b1814e55fdaf40e753fd523d059f8d drupal-7.67.zip 3.67 MB bfb86f927e778589f91492108a2fdd34 Last updated: 8 May 2019 at 17:13 UTCOfficial release from tag: 7.67Core compatibility: 7.xRelease type: Security updateShort description: Supported until November 2021. Use this version for sites already running Drupal 7.Packaged Git sha1: 09a33aa82ad15d5179322199f694f1fa7e6fb3e2
xjm

drupal 8.7.0-rc1

1 month ago
Release notes

This is a release candidate for the next feature release of Drupal 8. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.

This release fixes security vulnerabilities present in 8.7.0-beta2. Sites are urged to upgrade immediately after reading the security announcement and notes below:

This minor release candidate provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Important update information

For a full list of important changes since 8.6.x, also see the following:

People planning to update to this release should take note of the following important issues:

Important bug fixes

The following important issues are fixed in Drupal 8.7.0-rc1.

Resolved issues from the minor release beta testing program

Beginning with Drupal 8.7.0-beta1, the Drupal Association and the Drupal core maintainers are partnering with agencies and site owners in an official beta testing program for Drupal core minor releases. The program aims to identify and minimize regressions in minor releases. Participating in the program is a way to contribute to the Drupal project and will be credited accordingly.

The following critical issues have been resolved thanks to the beta testing program:

Other important bug fixes Known issues

Search the issue queue for all known issues.

All changes since 8.7.0-beta2 Download Size md5 hash drupal-8.7.0-rc1.tar.gz 16.99 MB b7477fa073172b87aba05c4c719110d1 drupal-8.7.0-rc1.zip 27.27 MB 6529657baa17dbffd1dfc2c84e45e571 Last updated: 18 Apr 2019 at 16:03 UTCOfficial release from tag: 8.7.0-rc1Core compatibility: 8.xRelease type: Security updateBug fixesNew featuresShort description: Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release.Packaged Git sha1: 7b9a6a5cca81d933bf4dededf6c99fccc1453ffb
xjm

drupal 7.66

1 month 1 week ago
Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

update.php must be run after updating to ensure changes from the patch take effect.

Download Size md5 hash drupal-7.66.tar.gz 3.15 MB fe1b9e18d7fc03fac6ff4e039ace5b0b drupal-7.66.zip 3.65 MB b7e313c02c871eddfeb687341f2f0d48 Last updated: 17 Apr 2019 at 20:33 UTCOfficial release from tag: 7.66Core compatibility: 7.xRelease type: Security updateInsecureShort description: Supported until November 2021. Use this version for sites already running Drupal 7.Packaged Git sha1: 9735baff3afe061f98e568c1d1f83d56f3a0212a
xjm

drupal 8.5.15

1 month 1 week ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage. Sites on 8.5.x will receive security coverage until May 1, 2019 (when Drupal 8.7.0 is scheduled for release and 8.5.x security coverage ends).

Important update information
  • update.php must be run after updating to ensure changes from the patch take effect.

  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Download Size md5 hash drupal-8.5.15.tar.gz 15.09 MB 7a4ba499132c834e5d33bccae5ac1430 drupal-8.5.15.zip 24.33 MB 36988c72d02b4a3f9870970dc6af43dc Last updated: 17 Apr 2019 at 20:33 UTCOfficial release from tag: 8.5.15Core compatibility: 8.xRelease type: Security updateInsecureInsecureShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: c5bc3922f27c93ab3669428a504212adb801400f
xjm

drupal 8.6.15

1 month 1 week ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Sites on 8.5.x or earlier should update immediately to Drupal 8.5.15 instead, and plan to update to the latest 8.6.x release before May 1, 2019 (when Drupal 8.7.0 is scheduled for release and 8.5.x security coverage ends).

Important update information
  • update.php must be run after updating to ensure changes from the patch take effect.

  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Download Size md5 hash drupal-8.6.15.tar.gz 16.34 MB 85ae6b9f7309cc8564331fd77369dffd drupal-8.6.15.zip 26.05 MB e4b7dbf1f8aa66b01a3d10cc30641f5e Last updated: 17 Apr 2019 at 20:33 UTCOfficial release from tag: 8.6.15Core compatibility: 8.xRelease type: Security updateInsecureInsecureShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 91ded4b7776e05ee9633bdc1c458b41c718133e0
xjm

stage_file_proxy 7.x-1.9

1 month 1 week ago
Release notes

See Stage File Proxy - Less critical - Denial of Service - SA-CONTRIB-2019-044.

Changes since 7.x-1.8:

  • Perform extra validation prior to creating directories/files
Download Size md5 hash stage_file_proxy-7.x-1.9.tar.gz 14.34 KB 1bcb87f25ab652e9ed78c40520717aaa stage_file_proxy-7.x-1.9.zip 18.3 KB d1fd7b301dc46d2116b05bcd73a3c0f2 Last updated: 17 Apr 2019 at 15:43 UTCOfficial release from tag: 7.x-1.9Core compatibility: 7.xRelease type: Security updateShort description: Includes a security fix to avoid denial of servicePackaged Git sha1: 39ea5cd68f591eec0526f15d6868b4aa9061bff3
greggles

tablefield 7.x-2.7

1 month 1 week ago
Release notes

Fixes TableField - Critical - Remote Code Execution - SA-CONTRIB-2019-045.

Download Size md5 hash tablefield-7.x-2.7.tar.gz 22.64 KB 18d7d73239ee74f3509695a0f28703d7 tablefield-7.x-2.7.zip 24.73 KB aacd88d948a8b26240be5713ab7c142e Last updated: 16 Apr 2019 at 20:13 UTCOfficial release from tag: 7.x-2.7Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 95097ba51da7740cf1f6436d13fb3d0b83a521a8
lolandese

tablefield 7.x-3.4

1 month 1 week ago
Release notes

Fixes TableField - Critical - Remote Code Execution - SA-CONTRIB-2019-045.

Download Size md5 hash tablefield-7.x-3.4.tar.gz 32.49 KB 90fe05d4e040215f11cc1a1b39be7ace tablefield-7.x-3.4.zip 35.65 KB dd030ef04a807500bb97d3325185920a Last updated: 16 Apr 2019 at 19:58 UTCOfficial release from tag: 7.x-3.4Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 068d2fc09d985d469e8d33c56645cd74cb34f898
lolandese

services 7.x-3.24

1 month 3 weeks ago
Release notes

Services - Less critical - Access bypass - SA-CONTRIB-2019-043

Fixes: Services private file access bypass

Download Size md5 hash services-7.x-3.24.tar.gz 106.92 KB d8aecbfb2a40fb67869afea926b4a66d services-7.x-3.24.zip 149.75 KB c1d0c4924e95e695281ebbc3bcbbc5d7 Last updated: 3 Apr 2019 at 17:38 UTCOfficial release from tag: 7.x-3.24Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 9ca9bca09693164265cc603a3205cc2bf976fe57
tyler.frankenstein

module_filter 7.x-2.2

1 month 4 weeks ago
Release notes

This release adds better handling of plain text.

Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

Download Size md5 hash module_filter-7.x-2.2.tar.gz 29.07 KB 329ce9645bf58fc27abdd6dd9328fc6e module_filter-7.x-2.2.zip 37.97 KB 8dee797be4c16d8181047b8774db8724 Last updated: 27 Mar 2019 at 14:53 UTCOfficial release from tag: 7.x-2.2Core compatibility: 7.xRelease type: Security updatePackaged Git sha1: 43a92ce4f8392f613a15ad9c932930f50a241778
greenSkin

drupal 8.6.13

2 months ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement and notes below:

Sites on 8.5.x or earlier should update immediately to Drupal 8.5.14 instead, and plan to update to the latest 8.6.x release before May 2019 (when 8.7.0 is released and 8.5.x security coverage ends).

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

  • No database updates are required for this release.

Download Size md5 hash drupal-8.6.13.tar.gz 16.34 MB ded84151ebda80826f18e924dab03edd drupal-8.6.13.zip 26.05 MB db9b127b44538e4829076d035a36281c Last updated: 20 Mar 2019 at 16:33 UTCOfficial release from tag: 8.6.13Core compatibility: 8.xRelease type: Security updateInsecureShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 89e23ccafb25162c4bc82c0a2d05bc03e4b59ddd
mlhess

drupal 8.5.14

2 months ago
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement and notes below:

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage. Sites on 8.5.x will receive security coverage until May 2019 (when 8.7.0 is released).

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

  • No database updates are required for this release.

Download Size md5 hash drupal-8.5.14.tar.gz 15.1 MB 9f3035984039e0a5de0ce899722b9941 drupal-8.5.14.zip 24.33 MB ffa45dfa6e0216781dc3776bfd16433b Last updated: 20 Mar 2019 at 16:33 UTCOfficial release from tag: 8.5.14Core compatibility: 8.xRelease type: Security updateInsecureInsecureShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: 471af00dd8660843b8fe3108b8b74d92013b4804
mlhess

drupal 7.65

2 months ago
Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

No database updates are required for this release.

Download Size md5 hash drupal-7.65.tar.gz 3.15 MB d453c23413627594f3f05c984e339706 drupal-7.65.zip 3.65 MB e836445a91f47284808ade15e1236a00 Last updated: 20 Mar 2019 at 16:33 UTCOfficial release from tag: 7.65Core compatibility: 7.xRelease type: Security updateInsecureShort description: Supported until November 2021. Use this version for sites already running Drupal 7.Packaged Git sha1: c2cae51e5c32296f6129edb0bc08d5d2b38b92c9
mlhess
Checked
48 minutes 50 seconds ago
Subscribe to Drupal: Security update feed