Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This could lead to potential security issues, since the .htaccess file is not created, the folder is not protected and these files are available to download if included inside the docroot.
As a "temporary fix" I'd suggest to call it out on the module's page for people to be warned.
I'm not sure when these .htaccess files should be created. It feels like it is not a bug of this module, but if there is a way to fix it, I think it would be really nice.
Comments
Comment #2
jan.stoecklerThanks for reporting! I followed your suggestion and put a notice on the module's page. We will investigate & try to fix the issue.