Morpht CI Pipeline Detects Security Vulnerability in Drupal Core

pipelines

Morpht's continuous integration (CI) pipeline recently detected a security vulnerability in Drupal core, highlighting the value of routine CI hygiene. During a nightly job that tests Morpht’s Convivial Profile, which is used across various sites such as demo.convivial.io and govcms.convivial.io, a security scan flagged a vulnerability in the twig package (CVE-2024-45411) used in both Drupal core versions 11.0.2 and 10.3.3. 

The vulnerability, rated High (8.6/10) in severity, prompted Morpht team member Naveen Valecha to file an issue with Drupal core (issue 3473195). As a result, the Drupal community responded quickly, and updated versions of all supported cores are expected soon. This incident underscores the effectiveness of proactive CI practices in maintaining secure and reliable code.

Disclosure: This content is produced with the assistance of AI.

Source Reference

Date of Publication
Organization
URL
https://www.morpht.com/blog/nightly-ci-hygiene-pays

Disclaimer: The opinions expressed in this story do not necessarily represent that of TheDropTimes. We regularly share third-party blog posts that feature Drupal in good faith. TDT recommends Reader's discretion while consuming such content, as the veracity/authenticity of the story depends on the blogger and their motives. 

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Related Organizations

Advertisement Here

Upcoming Events

Latest Opportunities

Advertisement Here