Security Update to Address Apigee Edge Module for Drupal 9.x.

Staff Reporter

On 1st February 2023 Drupal.Org displayed the new release of a security update. The purpose of this update is to address the vulnerability i.e access bypass affecting the Apigee Edge module for Drupal 9.x.

#Drupal released a security update to address a #vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information.

Source: https://t.co/jzu9N4hos6
— P.K. Sharma (@pk_sharma88) February 3, 2023

The Apigee Edge module enables you to connect a Drupal 8+ site to Apigee Edge or Apigee X in order to build a developer portal. The Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places. According to Drupal.org the solution is to install the latest version of the module.

If you use the Apigee Edge module version 2.0.x for Drupal 9.x, upgrade to Apigee Edge 2.0.8
If you use the Apigee Edge module version 8.x-1.x for Drupal 9.x, upgrade to Apigee Edge 8.x-1.27

Click here to follow us on LinkedIn

Comment

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Security Update