govcms8 8.x-1.14

Drupal Core update

from 8.9.11 to 8.9.13
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:CVE-2020-36193

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. See: https://www.drupal.org/sa-core-2021-001

Modules update

captcha from 8.x-1.0-beta1 to 8.x-1.1
components from 8.x-2.0-beta3 to 8.x2.2
encrypt from 8.x-3.0-rc2 to 8.x-3.0
galogin from 8.x-1.0-alpha4 to 1.0-alpha6
inline entity form from 8.x-1.0-rc7 - to 8.x-1.0-rc8
linkit from 8.x-5.0-beta9 to 8.x-6.0-beta12
media_entity_file_replace from 8.x1.0-beta2 to 8.x-1.0-beta3
page_manager from 8.x-4.0-beta4 to 8.x-4.0-beta6
swiftmailer from 8.x-2.0-beta1 to 8.x-2.0
two_factor_authentication from 8.x-1.0-alpha4 to 8.x-1.0-alpha7
username_numeration-prevention from 8.x-1.0-beta2 to 8.x-1.1

Comments

It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution. Subsequently the security risk was downgraded to moderately critical.

Deployment is scheduled from 24 February 2021. No outages are expected to websites during the deployment process.

The GovCMS D8 distribution will continue to be supported after this update.

More information

If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/