DXPR Theme: New Security Update Released After Theme Users Warned
A new security update is released for DXPR theme. The update addresses a security issue regarding loading Google fonts. The issue roots from a privacy breach related to the loading of fonts from Google’s Content Delivery Network (CDN).
The process of loading fonts from the Google CDN used to expose the users’ Personally Identifiable Information (PII) such as IP addresses to Google. German courts have ruled that this leakage amounts to violation of privacy and threatened DXPR theme users with penalties. This led DXPR to take measures to address the problem.
DXPR has now modified the Theme to serve Google fonts from the local public file system. This way of loading the fonts avoids any leakage of PII. Apart from fixing this security issue, the update also fixes several bugs. It also brings in eight new color schemes.
However, websites using the popular @font-your-face module to load Google fonts or other fonts from a CDN might be still facing this privacy issue.
DXPR theme is a low-code Drupal theme that allows easy customization of a website design. Click here to read the official release published by DXPR.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.
Related Organizations
Comments
You may also like
