The AltaGrade Blog

Paragraphs jQuery UI Accordion has been ported to Backdrop

Paragraphs jQuery UI Accordion has been ported to Backdrop

Description

This is to announce the initial release of Paragraphs jQuery UI Accordion module for Backdrop. Initially created for Drupal by Maksym Shakhrai, the module is now ported to Backdrop by AltaGrade team.

Paragraphs jQuery UI Accordion is a module to create paragraphs with accordion effect in your Backdrop website's content. It based on jQuery UI Accordion plugin which already included in core, so no need to install additional libraries.

Read More

Several security bugs fixed on Joomla

Joomla

Joomla team has announced several bug fixes today on July 14, 2020.

Core - System Information screen could expose redis or proxy credentials

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.0.0-3.9.19
    Exploit type: Information Disclosure
    Reported Date: 2020-Jun-17
    Fixed Date: 2020-July-14
    CVE Number: CVE-2020-15698

Description

Inadequate filtering in the system information screen could expose redis or proxy credentials

Read More

Drupal 7: Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025

Drupal Security

Project: Internationalization
Version: 7.x-1.x-dev
Date: 2020-June-17
Security risk: Moderately critical 14∕25 
Vulnerability: Cross site scripting

Description

The Internationalization (i18n) module is a collection of modules to extend Drupal 7 core multilingual capabilities and allows to build real life multilingual sites.

A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.

Read More

Drupal 8 and 9 core - Less critical - Access bypass - SA-CORE-2020-006

Drupal Security

Project: Drupal core
Date: 2020-June-17
Security risk: Less critical 8∕25 
Vulnerability: Access bypass
CVE IDs: CVE-2020-13665

Description

JSON:API PATCH requests may bypass validation for certain fields.

By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Solution

Install the latest version:

Read More

Drupal 8 and 9 core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

Drupal Security

Project: Drupal core
Date: 2020-June-17
Security risk: Critical 17∕25 
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-13664

Description

Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances.

An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability.

Read More

Time to update WordPress to 5.2.1

Time to update WordPress to 5.2.1

A short-cycle maintenance 5.2.1 release WordPress has been announced today. The next version 5.2.2 is expected to follow in approximately two weeks.

This maintenance release fixes 33 bugs, including improvements to the block editor, accessibility, internationalization, and the Site Health feature introduced in 5.2.

Read More