Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020
https://www.drupal.org/node/2705637
Please update
Comments
Comment #2
el_reverend CreditAttribution: el_reverend commentedComment #3
onejam CreditAttribution: onejam commentedThat is for 7.x-2.x version but this distro still uses 7.x-1.x version. Should it not be updated to 7.x-2.x version since 7.x-1.x version is no longer maintained or supported?
see: https://www.drupal.org/node/2706631
Comment #4
rootworkCK uses Features v2.8. Check the drupal-org.make file in the distro, or the features.info file in profiles/commerce_kickstart/modules/contrib/features
I agree Features should be updated to 2.10 in CK.
Comment #5
onejam CreditAttribution: onejam commentedSorry, yes you're correct, it says:
projects[features][version] = 2.8
Thanks,
Comment #6
lsolesen CreditAttribution: lsolesen commentedWork is going on here: https://github.com/commerceguys/commerce_kickstart/pull/196
Comment #7
el_reverend CreditAttribution: el_reverend commentedHow can updates like this (Security updates specifically) be applied to a distro more efficiently? commerce_kickstart relies on a lot of contrib modules which when updates are released will eventually need updating.
Are the tie-ins that specific that it would prevent a 'normal' update?
Comment #9
mglamanWrite a patch, ping me in IRC.
While waiting for release, use your patch to build a patched distro.
Comment #10
rootworkThanks for updating things Matt! (Though I feel silly for getting credit in the commit message for just agreeing, ha.)