Security Update

The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability. The solution is to use the latest updated version.

The module doesn't sufficiently check access for the edit and delete operations. Users with "access content" permission can edit or delete any term. To solve this issue use the latest version.

This is a patch (bugfix) release of Drupal 9 due to the two security advisories released by Guzzle.

This is a patch (bugfix) release of Drupal 9 due to the third-party Guzzle security advisories.

On Friday, Drupal Security Team released Moderately Critical Drupal Core Security Update for Third-party Integration Guzzle library.

Drupal 9.3.15 is a patch (bugfix) release of Drupal 9 and is ready for use on production sites.

Drupal core's form API had a vulnerability where certain contributed or custom modules' forms may have been vulnerable to improper input validation.

According to the latest security update, those that using Drupal 9.3 need to update to Drupal 9.3.12.

The Drupal security team announced on February 16th, 2022, the moderately critical information disclosure vulnerability in Drupal Core, SA-CORE-2022-004.

Drupal security team announced on February 16th, 2022, the moderately critical improper input validation vulnerability in Drupal Core, SA-CORE-2022-003.

Drupal Security Team announced a Cross-Site Scripting (XSS) vulnerability SA-CONTRIB-2022-024 that has low criticality index in the Custom Breadcrumbs Module on February 9th, 2022.

Drupal Security team announces a moderately critical access bypass vulnerability SA-CONTRIB-2022-023 in the Fancy File Delete Module on February 9th 2022.