Drupal Security Advisories
- Advisory ID: DRUPAL-SA-CONTRIB-2017-051
- Project: Site verification (third-party module)
- Version: 7.x
- Date: 2017-May-24
- Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
- Vulnerability: Multiple vulnerabilities
The Site Verify module enables privilege users to verify a site with services like Google Webmaster Tools using meta tags or file uploads....
- Advisory ID: DRUPAL-SA-CONTRIB-2017-050
- Project: landing_page (third-party module)
- Date: 24-May-2017
The Custom Landing Page Builder module allows webmasters to build custom landing pages using a WYSIWYG editor while still having full control over the full layout of the page including the header, navigation, page content, footer, forms etc.
The security team is marking this module unsupported. There is a known
security issue with the module that has...
- Advisory ID: DRUPAL-SA-CONTRIB-2017-049
- Project: Display Suite (third-party module)
- Version: 8.x
- Date: 2017-May-17
- Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
- Vulnerability: Cross Site Scripting
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface.
In certain situations, Display...
This articles features links and information from the Peerless design Security presentation from various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available in a white paper available here.
Drupal Weekly Drop
Let's see how to update your Drupal site between 8.x.x minor and patch versions. For example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0. I hope this will help you.
If you are upgrading to Drupal version x.y.z
x -> is known as the major version number
y -> is known as the minor version number
z -> is known as the patch version number....
The token module is one of these essential modules on any Drupal 8 project. It allows you to use tokens in certain input fields, whether configuration or content, to target the value of one entity field. Many modules use it to allow users or site builder to provide dynamic value without the need for coding.
Let's see how to access the content's values from these tokens, but also to the values indirectly associated with these contents, from Entity reference fields.