Software-update: Drupal versies 7.73 / 8.8.10 / 8.9.6 / 9.0.6 – Beveiligingsupdate

Er zijn nieuwe updates uitgebracht voor Drupal 7.x, 8.x en 9.x. De updates bevatten oplossingen voor vijf beveiligingsproblemen en verder geen andere wijzigingen aangebracht in de updates.

Release notities

This release fixes security vulnerabilities. Drupal-sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2020-007
• Drupal core – Moderately critical – Access bypass – SA-CORE-2020-008
• Drupal core – Critical – Cross-site scripting – SA-CORE-2020-009
• Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2020-010
• Drupal core – Moderately critical – Information disclosure – SA-CORE-2020-011

Geen andere fixes zijn inbegrepen.

Welke release moet ik kiezen? Informatie over beveiligingsdekking

Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.

• Sites on 8.9.x should update immediately to Drupal 8.9.6 instead.
• Sites on 8.8.x or earlier should update immediately to Drupal 8.8.10 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
• Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.

Belangrijke update informatie

Once a site running Workspaces is upgraded for SA-CORE-2020-008, authenticated users may continue to see unauthorized workspace content that they accessed previously until they are logged out.
If it is important for the unintended access to stop immediately, you may wish to end all active user sessions on your site (for example, by truncating the sessions table). Be aware that this will immediately log all users out and can cause side effects like lost user input.

• Sites that override \Drupal\Core\Form\FormBuilder’s renderPlaceholderFormAction() and/or buildFormAction() methods in contrib and/or custom code should ensure that appropriate sanitization is applied for URLs for SA-CORE-2020-009.
• Any site that relies on Drupal’s AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set "jsonp:
true" or use the jQuery AJAX API directly.
  If you are using jQuery’s AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set "jsonp:
false" where this is appropriate.
• No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Extra ondersteuning nodig? Wij kunnen u helpen.

Bij het afnemen van ons Website Onderhoud gaan wij uw website updaten en onderhouden. Alle gebruikte scripts en het CMS/CRM systeem en plug-ins/modules zullen dan de nieuwste versie geïnstalleerd krijgen zodat u minder gevoelig bent eventueel binnendringen van buitenaf en uw website niet misbruikt kan worden.
Bij kritieke beveiligingslekken zullen wij deze meteen naar de nieuwste versie bijwerken.

Voor vragen of wilt u meer informatie over deze dienst of om gebruik te maken van deze dienst, neemt u gerust contact met ons op via info@solutions4hosting.nl

Kijkt voor u meer informatie over deze dienst op onze website: https://www.solutions4hosting.nl/website-diensten/website-onderhoud/