Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This issue serves to track progress porting 6.x-1.0 to Drupal 7.
Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This issue serves to track progress porting 6.x-1.0 to Drupal 7.
Top Drupal contributor Acquia would like to thank their partners for their contributions to Drupal.
Drupal is a registered trademark of Dries Buytaert.
Comments
Comment #1
salvisWe have BETA1 of RoleAssign.
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
Comment #2
salvisWe have BETA2 of RoleAssign.
Prior versions of RoleAssign had (and other modules with similar functionality may still have) two vulnerabilities:
1. Users with the Administer users permission were able to manipulate and obtain access to the uid 1 account and other accounts having the Administer permissions permission, even if they were restricted by RoleAssign.
2. If they happened to also have the Administer modules permission, they were able to disable RoleAssign and thus obtain the ability to assign all roles.
BETA2 (as well as 6.x-1.x-dev) eliminates both of these vulnerabilities.
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
Comment #3
salvisWe have RC1 of RoleAssign.
RC1 has some clean-up work that should not result in any functional changes. Nonetheless, this is the last chance to provide feedback before the 1.0 release. We currently have 150 sites using the D7 version and no one has cared to post a comment yet...
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
Comment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedUsed RC1 on a production site and so far it seems fine. Thanks.
Comment #5
salvisThank you, sjhuda!
Everyone please note #1356964: Hide the Administrator role selection in admin/config/people/accounts unless the user has the 'administer permissions'. Add your comments there if you want, not here, please!
Comment #6
salvisRC1 is running on over 1000 known sites. Nevertheless, there have been a few minor issues that have been fixed, and that's why we need another release candidate.
Please check out RC2 and provide feedback, both good and bad, so that we can quickly go to 1.0.
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
Comment #7
karenann CreditAttribution: karenann commentedRC2 tested on a local 7.16 install with no issue.
Comment #8
salvisThank you, karenann!
RC2 has turned into 1.0 with no changes.