The AltaGrade Blog

Drupal 7.79 has been released

Alan

CEO & Founder

Apr 7, 2021
Add comment

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).

No security fixes are included in this release.

This release is the first where D7 core's test suite passes tests in PHP 8.0. However, there may be remaining problems with PHP 8 in core, and it's very likely that there are problems in contrib. Please test, and report any problems in the appropriate issue queue.

Alan

CEO & Founder

Mar 13, 2021
2 comments

AltaGrade donates the domain name "backdrop.org" to the Backdrop community

I remember poking into Backdrop's code for the first time back in October 2014, when we tried to set it up on Drupion (the older incarnation of our company). According to a popular Russian proverb, "the first pancake is always wonky," so we ran into our first Backdrop problem right then. However, with the valuable input from the Backdrop community members we quickly made necessary changes and got it up and running.

Alan

CEO & Founder

Dec 21, 2020
Add comment

Paragraphs jQuery UI Accordion has been ported to Backdrop

Description

This is to announce the initial release of Paragraphs jQuery UI Accordion module for Backdrop. Initially created for Drupal by Maksym Shakhrai, the module is now ported to Backdrop by AltaGrade team.

Paragraphs jQuery UI Accordion is a module to create paragraphs with accordion effect in your Backdrop website's content. It based on jQuery UI Accordion plugin which already included in core, so no need to install additional libraries.

Alan

CEO & Founder

Jul 15, 2020
Add comment

Joomla team has announced several bug fixes today on July 14, 2020.

Core - System Information screen could expose redis or proxy credentials

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.0.0-3.9.19
    Exploit type: Information Disclosure
    Reported Date: 2020-Jun-17
    Fixed Date: 2020-July-14
    CVE Number: CVE-2020-15698

Description

Inadequate filtering in the system information screen could expose redis or proxy credentials

Alan

CEO & Founder

Jun 17, 2020
Add comment

Project: Internationalization
Version: 7.x-1.x-dev
Date: 2020-June-17
Security risk: Moderately critical 14∕25 
Vulnerability: Cross site scripting

Description

The Internationalization (i18n) module is a collection of modules to extend Drupal 7 core multilingual capabilities and allows to build real life multilingual sites.

A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.

Alan

CEO & Founder

Jun 17, 2020
Add comment

Project: Drupal core
Date: 2020-June-17
Security risk: Less critical 8∕25 
Vulnerability: Access bypass
CVE IDs: CVE-2020-13665

Description

JSON:API PATCH requests may bypass validation for certain fields.

By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Solution

Install the latest version:

Alan

CEO & Founder

Jun 17, 2020
Add comment

Project: Drupal core
Date: 2020-June-17
Security risk: Critical 17∕25 
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-13664

Description

Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances.

An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability.

Alan

CEO & Founder

Jun 17, 2020
Add comment

Project: Drupal core
Date: 2020-June-17
Security risk: Critical 15∕25 
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13663

Description

The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Alan

CEO & Founder

Mar 20, 2020
Add comment

As the global pandemic of the COVID-19 continues to develop, we wanted to reach out to our current and prospective customers and let you know how AltaGrade is dealing with the Coronavirus emergency.

Alan

CEO & Founder

Jun 19, 2019
Add comment

WordPress Maintenance 5.2.2 Version has been released

WordPress 5.2.2 is now available! This maintenance release fixes 13 bugs and adds a little bit of polish to the Site Health feature that made its debut in 5.2.

Here are some changes of note:

The AltaGrade Blog

Drupal 7.79 has been released

AltaGrade donates the domain name "backdrop.org" to the Backdrop community

Paragraphs jQuery UI Accordion has been ported to Backdrop

Description

Several security bugs fixed on Joomla

Core - System Information screen could expose redis or proxy credentials

Description

Drupal 7: Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025

Description

Drupal 8 and 9 core - Less critical - Access bypass - SA-CORE-2020-006

Description

Solution

Drupal 8 and 9 core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

Description

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

Description

AltaGrade During the Coronavirus Crisis

WordPress Maintenance 5.2.2 Version has been released

Pages