5 Sep 2011 at 08:52 UTC
27 Jan 2017 at 17:52 UTC
+FollowSymLinksoption in the
.htaccessfile that comes with Drupal core. This causes an error 500 when accessing the site. When they introduced this policy they automatically converted
+SymLinksIfOwnerMatch. A Drupal upgrade overwrote this change.
Options +FollowSymLinks in our
If a server 500's because of this setting then people can not even install Drupal.
+FollowSymlinksweakness which leads to security exploits
+SymlinksIfOwnerMatchdue to security exploits.
FollowSymlinksis insecure and a potentially serious issue.
+FollowSymlinksis a security concern. Drupal 6, 7, and 8 core currently use
+FollowSymlinks. Attackers who would manage to compromise a confined Drupal website can get full root level access to that server.
+FollowSymlinksweakness which leads to security exploits.
+SymlinksIfOwnerMatchin Drupal core would be a security improvement though. And that can be handled here in this public issue. Any volunteer for a patch?
PASSED: [[SimpleTest]]: [MySQL] 41,754 pass(es). View
|#54||500 Internal Server Error with Drupal 8.png||16.43 KB||Francewhoa|