Release/8.x 1.14

[suhyeonh]

Drupal Core update

• from 8.9.11 to 8.9.13

The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:CVE-2020-36193

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. See: https://www.drupal.org/sa-core-2021-001

Modules update

• captcha from 8.x-1.0-beta1 to 8.x-1.1
• components from 8.x-2.0-beta3 to 8.x2.2
• encrypt from 8.x-3.0-rc2 to 8.x-3.0
• galogin from 8.x-1.0-alpha4 to 1.0-alpha6
• inline entity form from 8.x-1.0-rc7 - to 8.x-1.0-rc8
• linkit from 8.x-5.0-beta9 to 8.x-6.0-beta12
• media_entity_file_replace from 8.x1.0-beta2 to 8.x-1.0-beta3
• page_manager from 8.x-4.0-beta4 to 8.x-4.0-beta6
• swiftmailer from 8.x-2.0-beta1 to 8.x-2.0
• two_factor_authentication from 8.x-1.0-alpha4 to 8.x-1.0-alpha7
• username_numeration-prevention from 8.x-1.0-beta2 to 8.x-1.1

Comments

It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution. Subsequently the security risk was downgraded to moderately critical.

Deployment is scheduled from 24 February 2021. No outages are expected to websites during the deployment process.

The GovCMS D8 distribution will continue to be supported after this update.

More information

If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/