Drupal Core Security Update

[dinesh-kesarkar]

Hi @sylus @leeomara @nathanv

There was a Drupal Core security release to update the version from 8.8 to 8.8.6 & also it has some XSS Jquery updates. Ref - https://www.drupal.org/sa-core-2020-002

Is WxT version 3.0.8 needs to worry about that? as it has Drupal core version as 8.8.4
Ref - https://github.com/drupalwxt/wxt/blob/3.0.8/CHANGELOG.md

WxT only needs to update when there is WxT version update? for example the recent updated version is v3.0.9 or v3.0.10

[nathanpw]

@dinesh-kesarkar (edit to actually answer your question) The security release doesn't say what version or when this was introduced. I would assume this is the case in wxt 3.0.8 with core 8.8.4. It says to upgrade to drupal core 8.8.6 Which we are in the process of doing and releaseing (probably 3.0.11)

I just merged an update to lightning which should include the new Drupal core.

https://github.com/drupalwxt/wxt/commit/bd4e97ec1444a4174618cdc2e4ea82718aec1525

I will start an issue for 3.0.11 which should include these updates. Probably tag later tonight.

[nathanpw]

@dinesh-kesarkar I just wanted to mention in the future you can post these types of questions on d.o project issue queue and not github.

https://www.drupal.org/project/issues/wxt?text=&status=All

I just noticed you did.: https://www.drupal.org/project/wxt/issues/3138641

Thanks for asking about this security update.

[dinesh-kesarkar]

Thanks @nathanpw I appreciate your response As i realized later that to create same issue on d.o But yes next time, i will log the issue there only.