Since its official release in January 5, 2011 for many years Drupal 7.0 had been the content management system of choice for the majority of the web-projects hosted on AltaGrade platform. However, the picture has been gradually changing after Drupal 7's end-of-life was announced to take place sometime in November 2021 with growing number of Drupal 8, Wordpress, Backdrop or other types of websites coming.
Project: Drupal core
Version: 8.8.x-dev, 8.7.x-dev, 7.x-dev
Date: 2019-December-18
Security risk: Critical 17∕25
Vulnerability: Multiple vulnerabilitiesDrupal Security team released important security updates for Drupal 7 and Drupal 8 which address a critical and three "moderately critical" vulnerabilities in its core system.
WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.
You can download WordPress 5.3.1 by clicking this link, or visit your WordPress website's Dashboard → Updates and click Update Now.
Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
Project: Webform
Versions: 7.x-4.x, 7.x-3.x
Date: 2019-December-11
Security risk: Critical 15∕25
Vulnerability: Multiple vulnerabilitiesDescription
This module enables you to create forms to collect information from users and report, analyze and distribute it by email.
Project: Smart Trim
Version: 8.x-1.x
Date: 2019-December-11
Security risk: Moderately critical
Vulnerability: Cross site scriptingThe Smart Trim module allows site builders additional control with text summary fields.
The module doesn't sufficiently filter text when certain options are selected.
This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when certain options are selected for the trimmed output.
WordPress 5.3 with the improved block editor, named “Kirk” in honour of jazz multi-instrumentalist Rahsaan Roland Kirk, has been released today and is available for download or update in your dashboard.
5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site.
WordPress 5.2.4 is now available! This security release fixes 6 security issues.
WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
The following security vulnerabilities have been detected and addressed in this release:
Project: Localization update
Date: 2019-October-02
Security risk: Moderately critical 10∕25
Vulnerability: Insecure server configurationThis module enables you to automatically download and update the site's interface translation by fetching them from localize.drupal.org or any other Localization server.
Project: Simple AMP (Accelerated Mobile Pages)
Date: 2019-October-02
Security risk: Moderately critical 13∕25
Vulnerability: Access bypassThis module allows display of a site's content in AMP format.
The module doesn't sufficiently check access on unpublished or restricted content.
Install the latest version of the module.
Project: Gutenberg
Date: 2019-September-25
Security risk: Critical 16∕25
Vulnerability: Access bypassThis module provides a new UI experience for node editing - Gutenberg editor.
The routes used by the Gutenberg editor lack proper permissions allowing untrusted users to view and modify some content they should not be able to view or modify.
Install the latest version: