Downloads

Download tar.gz 378.91 KB
MD5: 6bbe86561f5532c60f0eadc725acb2cf
SHA-1: 4d877bce785521b47031c3175499202b138203fe
SHA-256: 2a07268f340e5ba8bc1dad3ab7aee41f01c177053baa14daa27173395f76ffd9
Download zip 483.81 KB
MD5: d34f3a350cb76cd4f5f1c106d72a5059
SHA-1: 007d62cd4213d0efe61db23180f931bb49897c1f
SHA-256: 403e1055a8501a6ea7e0c293fac42551abd0b57d3ef574daf76839e8954af203

Security issues fixed

Release notes

Fixes Cloud - Critical - CSRF - SA-CONTRIB-2017-086

This release is a security update. In the cloud_activity_audit submodule, a user with the 'access audit report' permission can remove any activity audit item without any confirmation. This exposes the site to CSRF: an attacker who only has access to the user's session can remove any item remotely. Because the permission is not a restricted one and is mainly about having access to these items, the issue was fixed by adding confirm_form, which protects the action well enough (see: https://www.drupal.org/docs/7/security/writing-secure-code/create-forms-...)
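The pattern described above, sketched for Drupal 7 as an added example (not the Cloud module's actual code): the delete path renders a confirm_form() and the deletion runs only in the submit handler, after the Form API has validated the per-session form token. The module name `mymodule`, the table `mymodule_audit` and the paths are hypothetical.

```php
<?php
// Hypothetical names throughout: mymodule, the mymodule_audit table, the paths.

/**
 * Implements hook_menu().
 */
function mymodule_menu() {
  $items = array();
  // CSRF-prone pattern: a page callback that deletes as soon as the URL is
  // requested, so any cross-site GET sent with the user's session succeeds.
  // Hardened pattern: the URL only builds a confirmation form.
  $items['admin/reports/mymodule-audit/%/delete'] = array(
    'title' => 'Delete audit item',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('mymodule_audit_delete_confirm', 3),
    'access arguments' => array('access audit report'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Form builder: confirmation step for deleting one audit item.
 */
function mymodule_audit_delete_confirm($form, &$form_state, $id) {
  // A '#type' => 'value' element stays server-side and is never rendered,
  // so the client cannot swap the id between confirmation and submit.
  $form['id'] = array('#type' => 'value', '#value' => (int) $id);
  return confirm_form(
    $form,
    t('Are you sure you want to delete audit item %id?', array('%id' => $id)),
    'admin/reports/mymodule-audit',
    t('This action cannot be undone.'),
    t('Delete'),
    t('Cancel')
  );
}

/**
 * Submit handler: reached only by a POST that passed form token validation.
 */
function mymodule_audit_delete_confirm_submit($form, &$form_state) {
  db_delete('mymodule_audit')
    ->condition('id', $form_state['values']['id'])
    ->execute();
  drupal_set_message(t('The audit item has been deleted.'));
  $form_state['redirect'] = 'admin/reports/mymodule-audit';
}
```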

Created by: yas
Created on: 29 Nov 2017 at 09:12 UTC
Last updated: 29 Nov 2017 at 18:48 UTC
Security update
Unsupported
