Critical Security Update: Registration Role Module Access Bypass Fix
A critical access bypass vulnerability has been reported in the Registration role module for Drupal, affecting versions prior to 2.0.1. Discovered by Pamela Barone and Renaud Joubert, the flaw is a logic error that affects sites that upgraded the module without running the Drupal update process, and it can lead to unauthorized roles being assigned to new users.
The Drupal Security Team, including Juraj Nemec, Benjamin Melançon, Greg Knaddison, and Drew Webber, has addressed this issue. Users are urged to upgrade to Registration role 2.0.1 and review user accounts for unintended roles. Additionally, site administrators should run update hooks or re-save the module's configuration page to ensure the site's configuration is secure.
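One way to carry out the account review, as an added example that is not part of the advisory or the module's own code. It assumes a Drupal 8 or later default schema (`users_field_data`, `user__roles`) on MySQL/MariaDB with no table prefix, and the cutoff date is a placeholder to be replaced with the date the module was upgraded on your site.

```sql
-- Added example (not from the advisory): list accounts registered since the
-- module upgrade together with every role they hold, so unexpected role
-- assignments stand out.
-- Assumptions: Drupal 8+ default schema, MySQL/MariaDB, no table prefix.

-- PLACEHOLDER: set this to the date and time the module was upgraded,
-- expressed in the database session's time zone.
SET @upgrade_ts = UNIX_TIMESTAMP('2000-01-01 00:00:00');

-- 1) Per-role totals for accounts created since the cutoff.
--    A privileged role appearing here at all is the first thing to check.
SELECT r.roles_target_id        AS role_id,
       COUNT(DISTINCT u.uid)    AS accounts
FROM users_field_data AS u
JOIN user__roles      AS r
  ON r.entity_id = u.uid
 AND r.deleted   = 0
WHERE u.default_langcode = 1
  AND u.created >= @upgrade_ts
GROUP BY r.roles_target_id
ORDER BY accounts DESC;

-- 2) The accounts themselves, one row per user with all assigned roles.
--    The built-in "authenticated" role is implicit and is not stored in
--    user__roles, so every row returned carries an explicitly stored role.
SELECT u.uid,
       u.name,
       u.mail,
       FROM_UNIXTIME(u.created) AS created_at,
       u.status                 AS active,
       GROUP_CONCAT(r.roles_target_id ORDER BY r.roles_target_id) AS roles
FROM users_field_data AS u
JOIN user__roles      AS r
  ON r.entity_id = u.uid
 AND r.deleted   = 0
WHERE u.default_langcode = 1
  AND u.created >= @upgrade_ts
GROUP BY u.uid, u.name, u.mail, u.created, u.status
ORDER BY u.created;
```

Compare the roles returned against the roles the site intends new registrants to receive, and remove any that do not belong.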