Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
pear/Archive_Tar https://github.com/pear/Archive_Tar/releases/tag/1.4.12 has been released.
Also please see https://nvd.nist.gov/vuln/detail/CVE-2020-36193
Proposed resolution
Upgrade pear/archive_tar on 8.9.x branch from 1.4.11 to 1.4.12 in composer/Metapackage/CoreRecommended/composer.json
Determine if other branches need updates
Comments
Comment #2
rjg CreditAttribution: rjg commentedNote that this CVE is causing SensioLabs security checker to fail:
Comment #3
santhosh.fernando CreditAttribution: santhosh.fernando as a volunteer commentedAgree #2 . I think we need to have a release soon based on this.
Comment #4
webadpro CreditAttribution: webadpro commentedMe and my Co-worker ran into this issue also. Although on 9.1.x
Comment #5
cilefen CreditAttribution: cilefen as a volunteer commentedhttps://www.drupal.org/sa-core-2021-001