social 12.4.9 | Drupal.org

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

Posted by robertragas on December 11, 2024 at 11:00am

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076

Few notes to take into account:

This release contains an update hook that can possibly create new folders. Make sure to run the hook as the correct user or via update.php so it has the correct owner.
The update hook does not take unmanaged/unorphaned files into account. In usual cases these should be cleaned up automatically by cron when they are not set temporary. To verify this there are a few option to take:

Use the files overview to identify and remove affected files.
Temporary enable the contrib module https://www.drupal.org/project/fancy_file_delete which provides an additional view and bulk operations.
Run database queries.

VCS Label

12.4.9

Release type

Security update

Packaged Git sha1

ff6c77fa34dfc2e5e76a020063ee794ea980df3a

Release files

19f23e7c7e6d98298065deabb12a05fb

Release file SHA-1 hash

363614979ed13b8689b4ff483183273c3d21a03d

Release file SHA-256 hash

3445e72db5d17d160d3f6146bc46b57392762575a750a13fca0537d32503fdb5

7f53f050c012e9982a1be3bcbce4ce2d

Release file SHA-1 hash

aee37e82760a968e35e25308c9a7b5d8b4753dfa

Release file SHA-256 hash

424de53c6948333d9ab61af946d91724f9c6b518b1be9718a1addd5ca35b85be