Security update

drupal 9.0.0-beta2

9.0.0-beta2

Security update

Bug fixes

Insecure

This is a beta release for the next major version of Drupal. Drupal 9 beta releases are intended for site owners and module or theme authors to test compatibility and upgrade paths for Drupal 9.0. Beta releases are not intended for production.

This release fixes security vulnerabilities present in 9.0.0-beta1. Sites are urged to upgrade immediately after reading the security announcement and notes below:

svg_image 8.x-1.10

8.x-1.10

Security update

Svg Image - Critical - Cross site scripting - SA-CONTRIB-2020-008.

Fix XSS security issue.
The module did not sufficiently protect against malicious code inside SVG files leading to a Cross Site Scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have permission to upload an SVG file.

drupal 8.8.4

8.8.4

Security update

Insecure

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-001

No other fixes are included.

drupal 8.7.12

8.7.12

Security update

Insecure

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

No other fixes are included.

ckeditor 7.x-1.19

7.x-1.19

Security update

Security update.

CKEditor - Cross Site Scripting (XSS) - SA-CONTRIB-2020-007

Install the latest version:

If you use the CKEditor module for Drupal 7.x, upgrade to CKEditor 7.x-1.19

Important note: If you use the CKEditor CDN, it is highly recommended to update the CKEditor JavaScript library to the newest version (at least 4.14.0).
To do so, edit the "CKEditor Global profile" settings in admin panel, at /admin/config/content/ckeditor/editg.

Current version can be found at https://cdn.ckeditor.com/.

Also see the CKEditor - WYSIWYG HTML editor project page.

saml_sp 8.x-3.7

8.x-3.7

Security update

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006.

drupal 9.0.0-beta2

svg_image 8.x-1.10

drupal 8.8.4

drupal 8.7.12

ckeditor 7.x-1.19

saml_sp 8.x-3.7

security issue: Visitors may create accounts without admin approval

Pages

News items

Our community

Documentation

Drupal code base

Governance of community