The AltaGrade Blog

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Nick

Marketing Project Manager

Jan 27, 2021
Add comment

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Date: Wednesday, Jan 27th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-001
CVE ID: CVE-2020-36193
Vulnerability: Third Party Libraries
Versions affected: Backdrop Core 1.18.x versions prior to 1.18.1, Backdrop Core 1.17.x versions prior to 1.17.6
Backdrop versions 1.16 and prior do not receive security coverage.

Description

The Backdrop project uses the pear Archive_Tar library, which has released a security update that impacts Backdrop. For more information please see:

Nick

Marketing Project Manager

Jan 27, 2021
Add comment

Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003

Project: Subgroup
Version: 1.0.x-dev
Date: 2021-January-27
Security risk: Less critical 9∕25 
Vulnerability:Access bypass

Description

This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.

Nick

Marketing Project Manager

Jan 27, 2021
Add comment

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-001

Project: Open Social
Versions: 8.x-9.x-dev, 8.x-8.x-dev
Date: 2021-January-27
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass

Description

The optional Social Auth Extra module enables you to use the single sign-on methods provided by Open Social e.g. Facebook, LinkedIn, Google and Twitter.

Nick

Marketing Project Manager

Jan 27, 2021
Add comment

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002

Project: Open Social
Versions: 8.x-9.x-dev, 8.x-8.x-dev
Date: 2021-January-27
Security risk: Moderately critical 10∕25
Vulnerability: Access bypass

Description

The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file.

Nick

Marketing Project Manager

Jan 20, 2021
Add comment

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

Project: Drupal core
Date: 2021-January-20
Security risk: Critical 18∕25
Vulnerability: Third-party libraries

Description

The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:

Nick

Marketing Project Manager

Jan 16, 2021
Add comment

On Backdrop CMS' 6th birthday version 1.18.0 has been released. Happy Birthday, Backdrop!

Backdrop CMS turned 6 years on January 15, 2021 and on the same day the Backdrop community has proudly released version 1.18.0. Congratulations to all users and developers of Backdrop CMS - the open source CMS that helps you build websites for businesses and non-profits in the best traditions of Drupal 7!

Nick

Marketing Project Manager

Dec 18, 2020
Add comment

Drupal 7's FAQ Field has been ported to Backdrop

Description

We are happy to announce the initial release of FAQ field module for Backdrop. Initially created for Drupal 7 by Patrick Drotleff and now ported to Backdrop by AltaGrade team, FAQ Field module provides a field for frequently asked questions.

Adding to any content type or user entity, you can create simple but smooth frequently asked questions on any piece of content on your Backdrop website.

Nick

Marketing Project Manager

Dec 9, 2020
Add comment

WordPress 5.6 “Simone” has been released

WordPress 5.6 “Simone,” named in honor of American performer and civil rights activist Nina Simone, has been released today. The release was led by an all-women release squad, a first in WordPress history. The new version includes many enhancements for the block editor, accessibility improvements, application password support for the REST API, and a new default theme.

Nick

Marketing Project Manager

Nov 26, 2020
Add comment

Backdrop core - Critical - Arbitrary PHP code execution - BACKDROP-SA-CORE-2020-008

Date: Wednesday, Nov 25th, 2020
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2020-008
CVE ID: CVE-2020-28948, CVE-2020-28949
Vulnerability: Arbitrary PHP code execution

Versions affected

Backdrop Core 1.17.x versions prior to 1.17.4
Backdrop Core 1.16.x versions prior to 1.16.6

Backdrop versions 1.15 and prior do not receive security coverage.

Nick

Marketing Project Manager

Nov 26, 2020
Add comment

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

Project: Drupal core
Date: 2020-November-25
Security risk: Critical 18∕25 
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-28949,CVE-2020-28948

Description

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

The AltaGrade Blog

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Description

Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003

Description

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-001

Description

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002

Description

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

Description

On the 6th birthday of Backdrop CMS the version 1.18.0 is released

Drupal 7's FAQ Field has been ported to Backdrop

Description

WordPress 5.6 “Simone” has been released

Backdrop core - Critical - Arbitrary PHP code execution - BACKDROP-SA-CORE-2020-008

Versions affected

There are known exploits! Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

Description

Pages