After upgrading to 7.x-3.19 I did a diff with 7.x-3.18.

The only difference appears to be the .info file. Is this error, or am I making a mistake?

In the interim I've followed the advice in the advisory ...

You may disable "application/vnd.php.serialized" under "Request parsing" in Drupal to prevent the exploit: /admin/structure/services/list/[my-endpoint]/server

Comments

kenwest created an issue. See original summary.

kenwest’s picture

kenwest CreditAttribution: kenwest as a volunteer commented
Priority: Normal » Critical
kylebrowning’s picture

kylebrowning CreditAttribution: kylebrowning as a volunteer commented
Category: Bug report » Support request
Priority: Critical » Normal

http://cgit.drupalcode.org/services?h=7.x-3.x

You can see here theres 3 commits since 3.18 and you can see the latest commit, is at the head of 3.19
http://cgit.drupalcode.org/services/tag/?h=7.x-3.19

kylebrowning’s picture

kylebrowning CreditAttribution: kylebrowning as a volunteer commented
Status: Active » Fixed
kenwest’s picture

kenwest CreditAttribution: kenwest as a volunteer commented

My apologies, Kyle. I made a mistake with the diff.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.