Software Update: Drupal 7.78 / 8.9.13 / 9.0.11 / 9.1.3

Spread the love

Updates have been released for Drupal versions 7, 8.9, 9.0 and 9.1. Drupal is a PHP written, user-friendly and powerful content management platform, with which, for example, websites can be created. It’s simple enough for a novice user, but powerful enough to build a more complex website as well. The program includes a content management platform and a development framework. The updates contain a fix for an archive file security vulnerability:

Drupal core – Critical – Third-party libraries – SA-CORE-2021-001

Project: Drupal core
Date: 2021-January-20
security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Solution: Install the latest version:

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.

Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.

Version number 7.78 / 8.9.13 / 9.0.11 / 9.1.3
Release status Final
Operating systems script language
Website Drupal
Download https://ftp.drupal.org/files/projects/drupal-9.0.9.tar.gz
License type GPL
You might also like