pantheon-systems / drops-8

Pantheon Upstream for Drupal 8 Sites. Deprecated; please see https://github.com/pantheon-upstreams/drupal-composer-managed
GNU General Public License v2.0

Update to Drupal 9.5.10. For more information, see https://www.drupal.org/project/drupal/releases/9.5.10 #432

Closed pantheon-upstream closed 9 months ago

pantheon-upstream commented 1 year ago

Update from Drupal 9.1.0 to Drupal 9.5.10.

This is experimental. Do not merge.

guardrails[bot] commented 1 year ago

:warning: We detected 11 security issues in this pull request:

Hard-Coded Secrets (1)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Secret Keyword** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/user/config/install/user.mail.yml#L34 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) |

More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr).

---

Information Disclosure (1)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Use of phpinfo()** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/system/src/Controller/SystemInfoController.php#L62 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr#phpinfo-use) |

More info on how to fix Information Disclosure in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr).

---

Insecure Access Control (1)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Low | Title: **Insecure HTTP redirect** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/.ht.router.php#L29 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_access_control.html?utm_source=ghpr#http-redirect-gr) |

More info on how to fix Insecure Access Control in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_access_control.html?utm_source=ghpr).

---

Insecure Processing of Data (2)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.es6.js#L652 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection) |
| Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.js#L291 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection) |

More info on how to fix Insecure Processing of Data in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr).

---

Insecure Use of Dangerous Function (6)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L328 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L737 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.js#L184 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.js#L386 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/themes/olivero/js/second-level-navigation.es6.js#L81 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/themes/olivero/js/second-level-navigation.js#L38 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |

More info on how to fix Insecure Use of Dangerous Function in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr).


pantheon-upstream commented 9 months ago

Superseded by #433.