Project: Forms Steps
Date: 2019-August-14
Security risk: Critical 16∕25
Vulnerability: Access bypassForms Steps provides an UI to create form workflows using form modes. It creates quick and configurable multisteps forms.
The module doesn't sufficiently check user permissions to access its workflows entities that allows to see any entities that have been created through the different steps of its multistep forms.
Project: External Links Filter
Date: 2019-August-14
Security risk: Moderately critical 10∕25
Vulnerability: Open Redirect VulnerabilityThe External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.
The module did not have protection for the Redirect URL to go where content authors intended.
Install the latest version:
Drupal Security team announced today the discovery of vulnerabilities in Drupal 8 core and two Drupal 7 contributed modules - ImageCache Actions and Meta tags quick with the following details and recommended ways of mitigations.
WordPress 5.2.2 is now available! This maintenance release fixes 13 bugs and adds a little bit of polish to the Site Health feature that made its debut in 5.2.
Here are some changes of note:
Cybersecurity security researchers at Alert Logic have announced warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions.
Update of June 5, 2019: We have to re-send this newsletter once again, because when contacted about migration some customers reported they didn't receive previous notifications about Drupion-AltaGrade transformation.
A short-cycle maintenance 5.2.1 release WordPress has been announced today. The next version 5.2.2 is expected to follow in approximately two weeks.
This maintenance release fixes 33 bugs, including improvements to the block editor, accessibility, internationalization, and the Site Health feature introduced in 5.2.
Drupal Security Team has announced a moderately critical security advisory for both Drupal 7 & 8 cores today on May 8, 2019 with the following details:
Project: Drupal core
Date: 2019-May-08
Security risk: Moderately critical 14∕25
Vulnerability: Third-party librariesjQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.
As you might know we first announced the launch of our new AltaGrade website and the new hosting platform back on November, 2018. Since then we've been accepting new orders on and migrating Drupion customers who wanted immediate upgrades to the new system.