Project: Drupal core
Date: 2021-August-12
Security risk: Moderately critical 13∕25
Vulnerability: Third-party librariesThe Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.
I was recently setting up my local development environment for a new Drupal 9 project and despite abundance of documentation, couldn't get the Devel and Kint properly working at once. And because most of tutorials found online on the subject turned out to be buggy, outdated and/or obsolete, for posterity reasons I decided to log the installation steps that worked for me.
#TL;DR
drush pmu kint
composer require drupal/devel kint-php/kint
drush en devel
Joomla 3.9.21 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.
Joomla 3.9.21 includes 3 security vulnerability fixes and addresses several bugs, including:
Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 11∕25
Vulnerability: Information disclosure
The Group module enables you to hand out permissions on a smaller subset, section or community of your website.
Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions of the 2nd group type for the grouped content.
Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 12∕25
Vulnerability: Information disclosureThe Group module enables you to hand out permissions on a smaller subset, section or community of your website.
With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.
Install the latest version:
PSA-2020-06-24
Date: 2020-June-24The Drupal Security Team has announced today that given the impact of COVID-19 on budgets and businesses Drupal 7's end-of-life, previously scheduled for November 2021, will be extended until November 28, 2022.
Project: Views Bulk Operations (VBO)
Date: 2020-February-05
Security risk: Moderately critical 12∕25
Vulnerability: Access bypassViews Bulk Operations provides enhancements to running bulk actions on views.
The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.
This vulnerability is mitigated by the fact that it only occurs in the case of customised action access (by means of hook_action_info_alter).
Following the 4-month release cycle, the Backdrop community has released the version 1.15 of Backdrop CMS.
Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scripting
Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in.
The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu.
This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.
Install the latest version: