Project: User hash
Date: 2021-September-22
Security risk: Moderately critical 12∕25
Vulnerability: Cache poisoningThis module enables you to create an individual hash for each user. These hashes can be used for authentication instead of the user's password, e.g. for views exporters.
The module doesn't sufficiently invalidate page output when the page_cache module is used.
Project: The Better Mega Menu
Date: 2021-September-22
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilitiesThis module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
Project: GraphQL
Date: 2021-September-15
Security risk: Moderately critical 13∕25
Vulnerability: Access bypass
CVE IDs: CVE-2020-13675This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008.
Project: Entity Embed
Date: 2021-September-15
Security risk: Moderately critical 11∕25
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13673This advisory addresses a similar issue to Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006.
Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10∕25
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13673
Project: Webform
Date: 2021-August-25
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site ScriptingThe Webform module uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Webform.
Project: Admin Toolbar
Date: 2021-August-25
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting, Access BypassThe Admin Toolbar (admin_toolbar) module extends the default toolbar provided by Drupal Core with various features facilitating day-to-day editorial and administrative work.
The Admin Toolbar Search sub-module of this module
Project: Drupal core
Date: 2021-August-12
Security risk: Moderately critical 13∕25
Vulnerability: Third-party librariesThe Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.
I was recently setting up my local development environment for a new Drupal 9 project and despite abundance of documentation, couldn't get the Devel and Kint properly working at once. And because most of tutorials found online on the subject turned out to be buggy, outdated and/or obsolete, for posterity reasons I decided to log the installation steps that worked for me.
#TL;DR
drush pmu kint
composer require drupal/devel kint-php/kint
drush en devel