Security update

Fixes Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009

User must be authenticated before accessing their 2FA settings form and each user can access their own 2FA settings form.

Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005

Github milestone: 8.x-1.27

Changelog:

Fix API Product entity query access issue, via PR #791.

Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005

Github milestone: 2.0.8

Changelog:

Fix API Product entity query access issue, via PR #790.

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-001

No other fixes are included.

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-001

No other fixes are included.

This is a security release of the Drupal 10 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-001

No other fixes are included.

Media Library Form API Element - Moderately critical - Information Disclosure - SA-CONTRIB-2023-004

The module module did not properly check entity access in some circumstances. This may have resulted in users with access to edit content seeing metadata about media items they are not authorized to access.

The vulnerability is mitigated by the fact that the inaccessible media will only be visible to users who can already edit content that includes a media reference field.

Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001