Drupal Core Security Update: New Features and Fixes

Drupal Core Security update got released on 18th January 2023, aiming to address the important information disclosure vulnerabilities in the Media Library module for Drupal 9.4, 9.5 and 10.0. Get started by downloading the official Drupal core files.

These official releases come bundled with various modules and themes to give you a good starting point to help build your site. Drupal core includes basic community features like blogging, forums, and contact forms and can be easily extended by downloading other contributed modules and themes.

The Media Library module does not properly check entity access in some circumstances, which could allow users with access to edit content to view metadata about media items they may not otherwise be authorized to access. Although the inaccessible media will only be visible to those with edit access to the content that includes a media reference field, this vulnerability can still be exploited to gain an increased understanding of the media items on the system. To mitigate this vulnerability, it is important to ensure that all users are given appropriate access to the media library, and that access is restricted as needed.

Solution: 

Install the latest version:

All versions of Drupal 9 before 9.4.x are end-of-life and do not receive security coverage. This means that any security issues identified for these versions will not be addressed. Additionally, any installation of these versions is at risk of web security breaches or malicious attacks. Note that Drupal 8 has reached its end of life and is no longer receiving security coverage.

The Drupal Security Team is committed to ensuring that all users have access to the latest security updates and will continue to monitor and respond to any security threats actively.

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Advertisement Here
Advertisement Here

Latest Opportunities

Upcoming Events