Upgrade Your Drupal Skills
We trained 1,000+ Drupal Developers over the last decade.
See Advanced Courses NAH, I know EnoughDrupal core - Critical - Third-party libraries - SA-CORE-2021-001
Parent Feed:
Project:
Date:
2021-January-20
Vulnerability:
Third-party libraries
Description:
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:
Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Solution:
Install the latest version:
- If you are using Drupal 9.1, update to Drupal 9.1.3.
- If you are using Drupal 9.0, update to Drupal 9.0.11.
- If you are using Drupal 8.9, update to Drupal 8.9.13.
- If you are using Drupal 7, update to Drupal 7.78.
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.
Reported By:
Fixed By:
- Lee Rowlands of the Drupal Security Team
- Drew Webber of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Vijay Mani Provisional Member of the Drupal Security Team
- Jess of the Drupal Security Team
- Michael Hess of the Drupal Security Team
Original Post:
About Drupal Sun
Drupal Sun is an Evolving Web project. It allows you to:
- Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
- Facet based on tags, author, or feed
- Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
- View the entire article text inline, or in the context of the site where it was created
See the blog post at Evolving Web
