Drupal: Security update

fac 8.x-1.8

4 weeks ago

This release fixes a security vulnerability where a malicious user could be able to read search results generated by users with other roles, disclosing search results the user normally has no access to. This vulnerability could only be exploited when the configuration option "Perform search as anonymous user only" is switched off.

See SA-CONTRIB-2021-005 for details.

If your configuration enables searches as authenticated users we urge you to update the module to this release.

Release type: Security updateBug fixes
Marty2081

noggin 7.x-1.2

2 months 3 weeks ago

This release contains no changes to 7.x-1.1, other than those necessary to resolve the security vulnerability SA-CONTRIB-2019-080.

Other changes had previously been made to the 7.x-1.x branch. Those were not yet tested and ready to include in a stable tagged release. So, those other changes have been temporarily rolled back to enable the prompt creation of this security release.

Release type: Security update
JamesOakley

drupal 7.78

2 months 3 weeks ago

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 8.9.13

2 months 3 weeks ago

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Which release do I choose? Security coverage information

No other fixes are included.

  • Drupal 8.9.x is a long-term support release that will receive security coverage until November 2021. Sites should plan to update to Drupal 9.1 or later soon.
  • Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 9.0.11

2 months 3 weeks ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.0.x will receive security coverage until June 16, 2021 when Drupal 9.2.0 is released.
  • Sites on 8.9.x or earlier should update immediately to Drupal 8.9.13 instead.
  • Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 9.1.3

2 months 3 weeks ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.1.x will receive security coverage until December 8, 2021 when Drupal 9.3.0 is released.
  • Sites on 9.0.x should update immediately to Drupal 9.0.11 instead.
  • Sites on 8.9.x or earlier should update immediately to Drupal 8.9.13.
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

subgroup 1.0.1

2 months 3 weeks ago
The "This went surprisingly well" release

The initial release contained a bug where complex trees would sometimes grant permissions to not only the designated target group, but also the target's siblings. This has been fixed and a simple cache rebuild will make sure everything is working as intended. If you had simple parent-child relationships set up, you were likely unaffected. But it's advisable to upgrade nonetheless.

Not too bad considering we went straight to a full release.

Release type: Security updateBug fixes
kristiaanvandeneynde
Checked
2 hours 51 minutes ago
Subscribe to Drupal: Security update feed