Software Update: Drupal 7.69 / 8.7.11 / 8.8.1
Updates have been released for versions 7.x, 8.7.x, and 8.8.x of Drupal, which address some security issues. Drupal is a PHP-written, user-friendly and powerful content management platform, with which, for example, websites can be created. It’s simple enough for a novice user, but powerful enough to build a more complex website as well. The program includes a content management platform and a development framework. Below is more information about the issues.
Drupal core – Critical – Multiple vulnerabilities – SA-CORE-2019-012
Project: Drupal core
Versions: 8.8.x-dev, 8.7.x-dev, 7.x-dev
Date: 2019-December-18
security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Proof/TD:Uncommon
Vulnerability: Multiple vulnerabilities
Description: The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
Solution: Install the latest version:
- If you are using Drupal 7.x, upgrade to Drupal 7.69.
- If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.
- If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Additional information
All advisories released today:
Updating to the latest Drupal core release will apply the fixes for all the above advisories.
| Version number | 7.69 / 8.7.11 / 8.8.1 |
| Release status | Final |
| Operating systems | script language |
| Website | Drupal |
| Download | https://www.drupal.org/sa-core-2019-012 |
| License type | GPL |