dac3ab0224
9.3.20 (2022-07-28) This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9. * Drupal core uses the third-party Diactoros library as its PSR-7 implementation. Diactoros has issued a security advisory: * CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack Drupal core is unlikely to be vulnerable. This bugfix release updates the version of Diactoros used in drupal/core-recommended to a secure version as a precaution. 9.3.19 (2022-07-20) This is a security release of the Drupal 9 series. This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement: * Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 * Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 * Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 * Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015 No other changes are included. |
||
|---|---|---|
| .. | ||
| files | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| options.mk | ||
| PLIST | ||