Security update | Drupal.org

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

restws 7.x-2.10

Posted by drumm on May 15, 2024 at 3:37pm

Fixes RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019

7.x-2.10

Security update

Read more about restws 7.x-2.10

advanced_pwa 8.x-1.5

Posted by gmaximus on April 23, 2024 at 6:09pm

Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017

Improved permissions for the admin settings form.

8.x-1.5

Security update

Read more about advanced_pwa 8.x-1.5

rest_views 3.0.1

Posted by nicxvan on April 23, 2024 at 5:39pm

REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018

This release ensures that access is properly checked for rest views displays.

3.0.1

Security update

Read more about rest_views 3.0.1

tacjs 8.x-6.5

Posted by prudloff on March 27, 2024 at 8:15am

Upgrade tarteaucitron.js to 1.17.0

Changelog

Issues: 3 issues resolved.

Changes since 8.x-6.4:

8.x-6.5

Security update

Read more about tacjs 8.x-6.5

registration_role 2.0.1

Posted by mlncn on March 5, 2024 at 5:12pm

See Registration role - Critical - Access bypass - SA-CONTRIB-2024-015.

This release ensures that, even if configuration does not ever get updated to the new schema as expected, only the expected roles are granted to new registrants.

If you cannot update right away, simply re-save the configuration form at /admin/people/registration-role and your configuration will be fixed, even without this release.

2.0.1

Security update

Read more about registration_role 2.0.1

symfony_mailer_lite 1.0.6

Posted by zengenuity on February 28, 2024 at 1:34pm

Security updates Fixes: Drupal Symfony Mailer Lite - Moderately critical - Cross site request forgery Other changes since 1.0.5: Bug Fixes #3422014 by threeg: "Ping threshold" option doesn't reflect its set value

1.0.6

Security update

Read more about symfony_mailer_lite 1.0.6

coffee 8.x-1.4

Posted by klausi on February 28, 2024 at 1:04pm

Maintenance release to fix XSS vulnerability, see Coffee - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-011.

No other changes since 8.x-1.3

8.x-1.4

Security update

Read more about coffee 8.x-1.4

private_content 8.x-2.1

Posted by adamps on February 28, 2024 at 12:36pm

Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012.

8.x-2.1

Security update

Read more about private_content 8.x-2.1

node_access_rebuild_progressive 7.x-1.2

Posted by shelane on February 27, 2024 at 7:55pm

Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013.

7.x-1.2

Security update

Read more about node_access_rebuild_progressive 7.x-1.2

node_access_rebuild_progressive 2.0.2

Posted by shelane on February 20, 2024 at 11:06pm

Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010

Contributors (3)

dwebpoint, jordan.haber, justcaldwell

Changelog

Issues: 1 issues resolved.

2.0.2

Security update

Read more about node_access_rebuild_progressive 2.0.2

Subscribe to Security update