A recent security vulnerability has been issued for the References Module: https://www.drupal.org/node/2869138. The security team at Drupal is recommending that the module be removed. It seems OpenPublic's design is heavily reliant on the Reference Module, and removing it would entail disabling the majority of OpenPublic's apps. Any feedback on how current implementations of OpenPublic are to handle this new development would be appreciated. Thank you!
Comments
Comment #2
paultsao commented:
We are heavily using OpenPublic and would love for some feedback as well.
Comment #3
mpotter at Phase2 commented:
A Security Advisory was issued for the References module used in OpenPublic (Drupal 7) to mark the module as Unsupported due to lack of response from the module maintainer on a security issue. The advisory was marked as "Critical" because this is the severity of marking any module as Unsupported. The "Critical" severity rating does not apply to the original security issue that was being investigated.
A potential new maintainer has released a new version of References module. An update to OpenPublish for this and other modules that have security updates will be posted later today.
Comment #4
mpotter at Phase2 commented:
This is fixed in 7.x-1.11
Comment #5
mpotter at Phase2 commented
Comment #6
buddym commented:
I appreciate the continued support of this amazing profile. Thank you!