Security update

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

ckeditor_lts 1.0.1

Posted by salmonek on February 7, 2024 at 12:39pm

Updated CKEditor 4 library to the latest 4.24.0-lts. This version of the editor includes important security patches. From now on, all versions below 4.24.0-lts can no longer be considered as secure.

See CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009.

Security Updates:

1.0.1

Security update

Bug fixes

Read more about ckeditor_lts 1.0.1

ckeditor_lts 7.x-1.25

Posted by salmonek on February 7, 2024 at 12:34pm

Updated default CKEditor 4 library to the latest 4.24.0-lts. This version of the editor includes important security patches. From now on, all versions below 4.24.0-lts can no longer be considered as secure.

See CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009.

Security Updates:

7.x-1.25

Security update

Bug fixes

Read more about ckeditor_lts 7.x-1.25

migrate_tools 6.0.3

Posted by heddn on February 6, 2024 at 4:18pm

This fixes only Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 and includes no other changes since 6.0.2.

Bug fixes

Contributors (2)

donquixote, heddn

Changelog

Issues: 1 issue resolved.

6.0.3

Security update

Read more about migrate_tools 6.0.3

entity_delete_log 1.1.1

Posted by malaynayak on January 31, 2024 at 3:12pm

This fixes a security issue related to access to the entity delete log reports.

Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007

1.1.1

Security update

Read more about entity_delete_log 1.1.1

social 12.0.5

Posted by ronaldtebrake on January 24, 2024 at 9:10am

This release covers both:

SA-CONTRIB-2024-004
SA-CONTRIB-2024-005

12.0.5

Security update

Insecure

Read more about social 12.0.5

tfa 8.x-1.5

Posted by cmlara on January 24, 2024 at 8:37am

Resolves SA-CONTRIB-2024-003.

8.x-1.5

Security update

Insecure

Read more about tfa 8.x-1.5

drupal 10.1.8

Posted by xjm on January 17, 2024 at 5:08pm

This is a security release of the Drupal 10 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

Drupal core - Moderately critical - Denial of service - SA-CORE-2024-001

No other fixes are included.

10.1.8

Security update

Insecure

Read more about drupal 10.1.8

drupal 10.2.2

Posted by xjm on January 17, 2024 at 5:07pm

This is a security release of the Drupal 10 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

Drupal core - Moderately critical - Denial of service - SA-CORE-2024-001

No other fixes are included.

10.2.2

Security update

Insecure

Read more about drupal 10.2.2

typogrify 8.x-1.3

Posted by benjifisher on January 10, 2024 at 5:33pm

Fixes SA-CONTRIB-2024-002

If you use the typogrify Twig filter provided by this module, then this update may cause double-encoding of text. See the updated README for best practices.

8.x-1.3

Security update