Drupal: Security update

simple_oauth 5.0.6

1 week 5 days ago

This is a security release for the 5.0.x branch. This is the last planned release for the 5.0.x minor version of Simple OAuth.

This release corresponds with the announcement of EOL dates for the 8.x-4.x and 5.0.x branches, and the tagging of 5.1.0. The upgrade path from prior versions is well tested and supported, and all site owners are encouraged to update to 5.1.x as soon as possible. See the project page for details on EOL dates.

See Simple OAuth (OAuth2) & OpenID Connect - Moderately critical - Access bypass - SA-CONTRIB-2022-002.

Release type: Security update
bradjones1

simple_oauth 8.x-4.6

1 week 5 days ago

This is a security release for the 8.x-4.x branch. This is the last planned release for the 8.x-4.x major version of Simple OAuth.

This release corresponds with the announcement of EOL dates for the 8.x-4.x and 5.0.x branches, and the tagging of 5.1.0. The upgrade path from prior versions is well tested and supported, and all site owners are encouraged to update to 5.1.x as soon as possible. See the project page for details on EOL dates.

See Simple OAuth (OAuth2) & OpenID Connect - Moderately critical - Access bypass - SA-CONTRIB-2022-002.

Release type: Security update
bradjones1

webform 6.1.2

1 month 1 week ago

See Webform - Critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-045.

This release was completed using Open Collective funds.
Please consider joining the Webform module's Open Collective to help ensure that the Webform module is maintained.
  • Update webform_image_select.module
  • Update webform_node.module
  • #3252502 by paulocs, HeikkiY: Upgrading to Webform 6.1.1 removes custom query parameters in confirmation URL
  • #3252193 by neclimdul: Use WebformSubmissionConditionsValidatorInterface on WebformHandlerBase
Release type: Security updateBug fixesNew features
jrockowitz

drupal 8.9.20

2 months ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Sites on 8.9.x should update immediately to this release, and upgrade to Drupal 9 as soon as possible afterward because Drupal 8 is now end-of-life and no further Drupal 8 updates will be provided.
  • Versions of Drupal prior to 9.1.x are end-of-life and do not receive security coverage.
Important update information
  • CKEditor 4 has been updated to 4.17.1.
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so updating custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update
xjm

drupal 9.1.14

2 months ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.1.x will receive security coverage until December 8, 2020 when 9.3.0 is released.
  • Sites on 8.9.x should update immediately to Drupal 8.9.20 instead of this release, and then upgrade to Drupal 9 as soon as possible afterward because Drupal 8 is now end-of-life.
  • Versions of Drupal prior to 9.1.x are end-of-life and do not receive security coverage.
Important update information
  • CKEditor 4 has been updated to 4.17.1.
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so updating custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update
xjm

drupal 9.2.9

2 months ago

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.2.x will receive security coverage until June 15, 2022 when Drupal 9.4.0 is released.
  • Sites on 9.1.x or earlier should update immediately to Drupal 9.1.14 instead of this release, and plan to update to the latest 9.x release before December 8, 2021 (when Drupal 9.3.0 is scheduled for release and 9.1.x security coverage ends).
  • Sites on 8.9.x should update immediately to Drupal 8.9.20 instead of this release, and then upgrade to Drupal 9 as soon as possible afterward because Drupal 8 is now end-of-life.
  • Versions of Drupal prior to 9.1.x are end-of-life and do not receive security coverage.
Important update information
  • CKEditor 4 has been updated to 4.17.1.
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so updating custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update
xjm
Checked
44 minutes 32 seconds ago
Subscribe to Drupal: Security update feed