Drupal

Paragraphs jQuery UI Accordion has been ported to Backdrop

Paragraphs jQuery UI Accordion has been ported to Backdrop

Description

This is to announce the initial release of Paragraphs jQuery UI Accordion module for Backdrop. Initially created for Drupal by Maksym Shakhrai, the module is now ported to Backdrop by AltaGrade team.

Paragraphs jQuery UI Accordion is a module to create paragraphs with accordion effect in your Backdrop website's content. It based on jQuery UI Accordion plugin which already included in core, so no need to install additional libraries.

Read More

Drupal 7's FAQ Field has been ported to Backdrop

Drupal 7's FAQ Field has been ported to Backdrop

Description

We are happy to announce the initial release of FAQ field module for Backdrop. Initially created for Drupal 7 by Patrick Drotleff and now ported to Backdrop by AltaGrade team, FAQ Field module provides a field for frequently asked questions.

Adding to any content type or user entity, you can create simple but smooth frequently asked questions on any piece of content on your Backdrop website.

Read More

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

Project: Drupal core
Date: 2020-November-25
Security risk: Critical 18∕25 
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-28949,CVE-2020-28948

Description

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

Read More

Multiple security advisories are issued for Drupal 7, 8, 9 core and contributed modules: SA-CORE-2020-012, SA-CONTRIB-2020-035, SA-CONTRIB-2020-036, SA-CONTRIB-2020-037, SA-CONTRIB-2020-038

Multiple security advisories are issued for Drupal 7, 8, 9 core and contributed modules: SA-CORE-2020-012, SA-CONTRIB-2020-035, SA-CONTRIB-2020-036, SA-CONTRIB-2020-037, SA-CONTRIB-2020-038

Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036

Project: Media: oEmbed
Date: 2020-November-18
Security risk: Critical 17∕25 
Vulnerability: Remote Code Execution

Description

Media oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012.

Solution

Install the latest version:

Upgrade to Media oEmbed 7.x-2.8

Read More

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )
Date: 2020-October-14
Vulnerability: SQL Injection

Description

This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.

The 8.x branch of the module is vulnerable to SQL injection.

Solution

Install the latest version:

If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1

Read More

Pages