Security Update

Next.js just patched a major security flaw that could let attackers slip past your app’s defenses. If you're self-hosting, you’ll want to hear this. ...more

Drupal unveiled three updates on November 20, 2024: Drupal 11.0.8, which includes new features and long-term compatibility; Drupal 10.3.9, which focuses on security and bug fixes; and Drupal 7.102, which is part of its final maintenance phase. Administrators are urged to update promptly to ensure security and compatibility. ...more

Discover the latest security update for Drupal's Registration role module, addressing an access bypass vulnerability championed by the diligent efforts of the Drupal Security Team. ...more

Critical update available! Learn about the latest security patch for the Data Visualisation Framework module in Drupal, fixing Cross Site Scripting vulnerabilities. Stay secure with the updated release. ...more

Attention Drupal users! A recent security advisory flags a moderately critical vulnerability in the Mollie for Drupal module. The flaw, related to payment confirmation logic, could expose users to potential exploitation. Discover the recommended updates and secure your online transactions. Read on for essential details on fortifying your Drupal installation against potential risks. ...more

The Toolbar Edit Page Button module (version 1.0.4) update brings heightened security and efficiency to content management workflow. ...more

Drupal.org Implements Changes to Public Handling of Drupal Core Issues, aiming for faster resolutions and increased community collaboration. ...more

In terms of securing the Drupal installation, the article recommends keeping the core and contributed modules up to date, as well as applying security patches promptly. ...more

The process of loading fonts from the Google CDN used to expose the users’ Personally Identifiable Information (PII) such as IP addresses to Google. German courts have ruled that this leakage amounts to violation of privacy and threatened DXPR theme users with penalties. ...more

According to the release, all Drupal 7 sites on Windows web servers are vulnerable. Drupal 7 sites on Linux web services are vulnerable with certain file directory structure. ...more

The security update aims to address a vulnerability in the Protected Pages module. Anyone using Protected Pages module for Drupal 8/9/10 are advised to install the latest version. ...more

Access bypass affecting the Apigee Edge module for Drupal 9.x.Drupal.Org displayed the new release of a security update to address this issue ...more