Security update | Drupal.org

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

bootstrap_site_alert 8.x-1.13

Posted by joseph.olstad on April 23, 2025 at 1:33pm

New in 1.13

Use text format filtering

New in 1.12
Fix for the fix
[#3383609]

New in 1.11
D10 compatibility fix
[#3383609]

8.x-1.13

Security update

Read more about bootstrap_site_alert 8.x-1.13

colorbox 2.1.3

Posted by paulmckibben on April 23, 2025 at 1:19pm

Addresses XSS vulnerability via data attributes.

2.1.3

Security update

Read more about colorbox 2.1.3

search_api_solr 4.3.9

Posted by drunken monkey on April 22, 2025 at 4:47pm

This is release 4.3.9 of the Search API Solr module for Drupal 10+. It contains two bug fixes, one of them a security issue.

4.3.9

Security update

Read more about search_api_solr 4.3.9

stage_file_proxy 3.1.5

Posted by smustgrave on April 15, 2025 at 4:13pm

Contributors (3)

mike.vindicate, piotrsmykaj, smustgrave

Changelog

Issues: 2 issues resolved.

Changes since 3.1.4:

3.1.5

Security update

Read more about stage_file_proxy 3.1.5

baguettebox 3.0.1

Posted by smustgrave on April 15, 2025 at 4:07pm

Changelog

Issues: 0 issues resolved.

Changes since 3.0.0:

Misc

Checkplain alt text

3.0.1

Security update

Read more about baguettebox 3.0.1

baguettebox 2.0.4

Posted by smustgrave on April 15, 2025 at 4:07pm

Changelog

Issues: 0 issues resolved.

Changes since 2.0.3:

Misc

Checkplain alt text

2.0.4

Security update

Read more about baguettebox 2.0.4

gifplayer 8.x-1.5

Posted by danrod on April 9, 2025 at 11:11am

This release fixes the XSS vulnerability found in the Gifplayer external library, previous releases of this module had a copy of the library inside the js/ directory, which had the vulnerability itself, now that the new library release fixed this issue, the module was refactored to allow the user to download the latest library release in the /libraries folder and loading the library for there, effectively fixing the

8.x-1.5

Security update

Read more about gifplayer 8.x-1.5

gifplayer 2.0.4

Posted by danrod on April 9, 2025 at 11:10am

This release fixes the XSS vulnerability found in the Gifplayer external library, previous releases of this module had a copy of the library inside the js/ directory, which had the vulnerability itself, now that the new library release fixed this issue, the module was refactored to allow the user to download the latest library release in the /libraries folder and loading the library for there, effectively fixing the

2.0.4

Security update

Read more about gifplayer 2.0.4

eca 2.1.7

Posted by jurgenhaas on April 9, 2025 at 9:41am

Contributors (7)

coderdan, dsasser, hauptm, ikam, jurgenhaas, lammensj, mxh

2.1.7

Security update

Read more about eca 2.1.7

eca 2.0.16

Posted by jurgenhaas on April 9, 2025 at 9:39am

Contributors (5)

hauptm, ikam, jurgenhaas, lammensj, mxh

Changelog

Issues: 3 issues resolved.

2.0.16

Security update

Read more about eca 2.0.16

Subscribe to Security update