Morpht CI Pipeline Detects Security Vulnerability in Drupal Core
Morpht's continuous integration (CI) pipeline recently detected a security vulnerability in Drupal core, highlighting the value of routine CI hygiene. During a nightly job that tests Morpht’s Convivial Profile, which is used across various sites such as demo.convivial.io and govcms.convivial.io, a security scan flagged a vulnerability in the twig package (CVE-2024-45411) used in both Drupal core versions 11.0.2 and 10.3.3.
The vulnerability, rated High (8.6/10) in severity, prompted Morpht team member Naveen Valecha to file an issue with Drupal core (issue 3473195). As a result, the Drupal community responded quickly, and updated versions of all supported cores are expected soon. This incident underscores the effectiveness of proactive CI practices in maintaining secure and reliable code.
Disclosure: This content is produced with the assistance of AI.