Closed Al-Rozhkov closed 7 years ago
D7 project was updated and available again. https://www.drupal.org/project/references
Since this was a security release, I've committed the changes made in the d.org module as is. @Al-Rozhkov are you using this module in production? If so, can you please have a quick check and of you think it's OK, lets tag a new release.
Pinging @jromine (listed as the current maintainer), @herbdool (tagged the 1.0.0 release) & @jenlampton (input/advice on how to proceed with a new release).
...feel free to unassign yourselves if you think there's nothing you can do.
Thanks @klonos. First step I can make a new release and mention it's a security fix. Second, @jenlampton or @serundeputy can mark the old release as having a security issue (can't do it from github yet). Third, we'll probably need to find a new maintainer. @jromine I believe you've stepped away from Backdrop, am I correct?
I'm still following the project, but not active at present. Glad to see someone port this fix; I was about to look at doing that myself.
Wow, thanks for putting this on my radar y'all; hadn't noticed the new References D7 release. What a relief!
I think we can close this.
@jenlampton or @serundeputy can mark the old release as having a security issue (can't do it from github yet).
Can't do that on b.org either; we do the opposite: mark the new release as a security release. I think it doesn't make sense otherwise either, since all releases prior to a security release should then be marked as having security issues. Anyways, point is: Done:
https://www.drupal.org/node/2869138
I didn't find any details about vulnerability. This module has 120k installs in d7 and one of the most popular modules in Backdrop according to information from https://backdropcms.org/project/usage