Date: Wednesday, Nov 25th, 2020
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2020-008
CVE ID: CVE-2020-28948, CVE-2020-28949
Vulnerability: Arbitrary PHP code executionBackdrop versions 1.15 and prior do not receive security coverage.
Project: Drupal core
Date: 2020-November-25
Security risk: Critical 18∕25
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-28949,CVE-2020-28948The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
Date: Wednesday, Nov 18th, 2020
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2020-007
CVE ID: CVE-2020-13671
Vulnerability: Remote Code ExecutionBackdrop versions 1.15 and prior do not receive security coverage.
Project: Media: oEmbed
Date: 2020-November-18
Security risk: Critical 17∕25
Vulnerability: Remote Code ExecutionMedia oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012.
Install the latest version:
Upgrade to Media oEmbed 7.x-2.8
Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )
Date: 2020-October-14
Vulnerability: SQL Injection
This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.
Install the latest version:
If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1
AltaGrade has been proudly providing professional hosting services for Drupal 9 websites since the day of its initial release. With the growing number of customers interested in our new hosting environment specifically built for Drupal 9, we'd like to provide some technical data on how exactly we've addressed the challenges to meet system requirements of Drupal 9.
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
Install the latest version:
This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade.
Joomla 3.9.21 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.
Joomla 3.9.21 includes 3 security vulnerability fixes and addresses several bugs, including:
