Security Update: Critical Access Bypass Identified in Registration Role Module
A security update has been released for Drupal addressing a critical access bypass found in the Registration Role module version <2.0.1.
Sites utilizing this version are urged to upgrade immediately. The Registration Role module facilitates administrators in selecting roles for automatic assignment to new users. However, a logic error has been discovered in the module's handling of sites that upgraded code without running the Drupal update process (e.g., update.php).
It's important to note that this vulnerability is mitigated on sites that follow the proper process of updating code and running standard updates. For users of the Registration Role module version 2.x, it is advised to upgrade to version 2.0.1 promptly to ensure security measures are up-to-date
Disclosure: This content is produced with the assistance of AI.