Date: Mon, 26 Apr 2021 12:51:52 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 255417] www/drupal7: update to 7.80 [patch] [security] Message-ID: <bug-255417-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255417 Bug ID: 255417 Summary: www/drupal7: update to 7.80 [patch] [security] Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: joneum@FreeBSD.org Reporter: simon.wright@gmx.net Assignee: joneum@FreeBSD.org Flags: maintainer-feedback?(joneum@FreeBSD.org) Attachment #224441 maintainer-approval? Flags: Flags: maintainer-feedback?, merge-quarterly? Created attachment 224441 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D224441&action= =3Dedit Patch to update Drupal 7.78 to 7.80 Project: Drupal core Date: 2021-April-21 Security risk: Critical 15=E2=88=9525 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross-site scripting Description:=20 Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent = the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible. https://www.drupal.org/sa-core-2021-002 No changes have been made to the .htaccess, web.config, robots.txt, or defa= ult settings.php files in this release, so upgrading custom versions of those f= iles is not necessary if your site is already on the previous release. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255417-7788>