Drupal

Paragraphs jQuery UI Accordion has been ported to Backdrop

Paragraphs jQuery UI Accordion has been ported to Backdrop

Description

This is to announce the initial release of Paragraphs jQuery UI Accordion module for Backdrop. Initially created for Drupal by Maksym Shakhrai, the module is now ported to Backdrop by AltaGrade team.

Paragraphs jQuery UI Accordion is a module to create paragraphs with accordion effect in your Backdrop website's content. It based on jQuery UI Accordion plugin which already included in core, so no need to install additional libraries.

Read More

Drupal 7's FAQ Field has been ported to Backdrop

Drupal 7's FAQ Field has been ported to Backdrop

Description

We are happy to announce the initial release of FAQ field module for Backdrop. Initially created for Drupal 7 by Patrick Drotleff and now ported to Backdrop by AltaGrade team, FAQ Field module provides a field for frequently asked questions.

Adding to any content type or user entity, you can create simple but smooth frequently asked questions on any piece of content on your Backdrop website.

Read More

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

Project: Drupal core
Date: 2020-November-25
Security risk: Critical 18∕25 
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-28949,CVE-2020-28948

Description

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

Read More

Multiple security advisories are issued for Drupal 7, 8, 9 core and contributed modules: SA-CORE-2020-012, SA-CONTRIB-2020-035, SA-CONTRIB-2020-036, SA-CONTRIB-2020-037, SA-CONTRIB-2020-038

Multiple security advisories are issued for Drupal 7, 8, 9 core and contributed modules: SA-CORE-2020-012, SA-CONTRIB-2020-035, SA-CONTRIB-2020-036, SA-CONTRIB-2020-037, SA-CONTRIB-2020-038

Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036

Project: Media: oEmbed
Date: 2020-November-18
Security risk: Critical 17∕25 
Vulnerability: Remote Code Execution

Description

Media oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012.

Solution

Install the latest version:

Upgrade to Media oEmbed 7.x-2.8

Read More

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )
Date: 2020-October-14
Vulnerability: SQL Injection

Description

This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.

The 8.x branch of the module is vulnerable to SQL injection.

Solution

Install the latest version:

If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1

Read More

Several moderately critical and critical bugs are found in Drupal core

Several moderately critical and critical bugs are found in Drupal core

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25 
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666

Description

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

Solution

Install the latest version:

Read More

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 11∕25
Vulnerability: Information disclosure

Description

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions of the 2nd group type for the grouped content.

Read More

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 12∕25 
Vulnerability: Information disclosure

Description

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.

Solution

Install the latest version:

Read More

Pages