Drupal: Security update

drupal 7.72

2 weeks 5 days ago

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Important update information
  • Previously, if a form submission failed Drupal's cross-site request forgery protection, the submitted form values would be re-displayed to the user along with a message advising them to copy their previously submitted values and reload the page. Beginning with this release, the form is shown without any values for security reasons, and the user is prompted to press the back button to return to their previously entered values.

    The user-facing error message that appears when a form is outdated has also been changed, and translations of it will need to be updated.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 8.8.8

2 weeks 5 days ago

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released.
  • Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Important update information
  • Previously, if a form submission failed Drupal's cross-site request forgery protection, the submitted form values would be re-displayed to the user along with a message advising them to copy their previously submitted values and reload the page. Beginning with this release, the form is shown without any values for security reasons, and the user is prompted to press the back button to return to their previously entered values.

    The user-facing error message that appears when a form is outdated has also been changed, and translations of it will need to be updated.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 8.9.1

2 weeks 5 days ago

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

  • Drupal 8.9.x is a long-term support release that will receive security coverage until November 2021.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.8 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • Previously, if a form submission failed Drupal's cross-site request forgery protection, the submitted form values would be re-displayed to the user along with a message advising them to copy their previously submitted values and reload the page. Beginning with this release, the form is shown without any values for security reasons, and the user is prompted to press the back button to return to their previously entered values.

    The user-facing error message that appears when a form is outdated has also been changed, and translations of it will need to be updated.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

drupal 9.0.1

2 weeks 5 days ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.8 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • Previously, if a form submission failed Drupal's cross-site request forgery protection, the submitted form values would be re-displayed to the user along with a message advising them to copy their previously submitted values and reload the page. Beginning with this release, the form is shown without any values for security reasons, and the user is prompted to press the back button to return to their previously entered values.

    The user-facing error message that appears when a form is outdated has also been changed, and translations of it will need to be updated.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
xjm

open_readspeaker 8.x-1.5

3 weeks 6 days ago
sunlix

services 7.x-3.26

1 month ago
tyler.frankenstein

drupal 7.70

1 month 2 weeks ago

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security advisories:

No other fixes are included.

Important update information
  • This release provides a backwards compatibility layer to minimize disruptions in this security release. However, some sites may experience disruptions in jQuery code for certain edge cases. See the security advisory for more information.
  • Visiting update.php is required for this update in order to ensure a site cache clear. (There are no changes to database schemata.)
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update, Insecure
mcdruid

drupal 8.8.6

1 month 2 weeks ago

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released.
  • Sites on 8.7.x or earlier should update immediately to Drupal 8.7.14 instead, and plan to update to the latest 8.8.x release before June 3, 2020 (when Drupal 8.9.0 is scheduled for release and 8.7.x security coverage ends).
  • Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Important update information
  • This release provides a temporary backwards compatibility layer to minimize disruptions in this security release. However, some sites may experience disruptions in jQuery code for certain edge cases. See the security advisory for more information.

  • Visiting update.php is required for this update in order to ensure a site cache clear. (There are no changes to database schemata.)

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update, Insecure
xjm

drupal 8.7.14

1 month 2 weeks ago

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Sites on 8.7.x will receive security coverage until June 3, 2020 (when Drupal 8.9.0 is scheduled for release).
  • Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Important update information
  • This release provides a temporary backwards compatibility layer to minimize disruptions in this security release. However, some sites may experience disruptions in jQuery code for certain edge cases. See the security advisory for more information.

  • Visiting update.php is required for this update in order to ensure a site cache clear. (There are no changes to database schemata.)

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update, Insecure
xjm

recaptcha_v3 8.x-1.2

1 month 3 weeks ago

Fixes reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019.

Contributors (5)

arnaudvz, dench0, pavnish, acbramley, adrian_c

Changelog

Issues: 7 issues resolved.

Changes since 8.x-1.1:

Release type: Security update, Bug fixes
majid.ali

webform 8.x-5.11

2 months ago
jrockowitz