- 🇳🇿New Zealand quietone
This was committed to 8.0 and not fixed in 7 so I am updating the version. Also, updated credit, which is always challenging on an older issue with lots of comments.
+FollowSymLinks option in the .htaccess file that comes with Drupal core. This causes an error 500 when accessing the site. When they introduced this policy they automatically converted +FollowSymLinks to +SymLinksIfOwnerMatch. A Drupal upgrade overwrote this change.
Don't set Options +FollowSymLinks in our .htaccess files.
None
If a server 500s because of this setting then people cannot even install Drupal.
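An added example, not part of the original issue or of Drupal core: a check that can be rerun after each core upgrade to find an Options directive that enables FollowSymLinks and to apply the same conversion to SymLinksIfOwnerMatch that the host made. The function name audit_htaccess and the sample file content are constructed for illustration.

```python
import re

# An Apache "Options" directive line. Commented-out lines start with '#'
# and therefore never match. Option names are case-insensitive.
OPTIONS_RE = re.compile(r"^(\s*Options\s+)(.*)$", re.IGNORECASE)
FOLLOW_RE = re.compile(r"^\+?FollowSymLinks$", re.IGNORECASE)


def audit_htaccess(text):
    """Return (findings, converted_text).

    findings lists (line_number, original_line) for every Options directive
    that enables FollowSymLinks, with or without a leading '+'.
    converted_text replaces those tokens with SymLinksIfOwnerMatch and
    leaves every other line, including -FollowSymLinks, untouched.
    """
    findings, out = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        match = OPTIONS_RE.match(line)
        if match:
            tokens = match.group(2).split()
            fixed = [
                ("+" if tok.startswith("+") else "") + "SymLinksIfOwnerMatch"
                if FOLLOW_RE.match(tok) else tok
                for tok in tokens
            ]
            if fixed != tokens:
                findings.append((number, line))
                line = match.group(1) + " ".join(fixed)
        out.append(line)
    return findings, "\n".join(out) + "\n"


# Constructed sample input, modelled on the directive named in this issue.
SAMPLE = """\
# Constructed sample .htaccess content.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymlinks
<IfModule mod_rewrite.c>
  RewriteEngine on
</IfModule>
"""

if __name__ == "__main__":
    found, converted = audit_htaccess(SAMPLE)
    for number, line in found:
        print(f"line {number}: {line.strip()}")
    print(converted, end="")
```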
+FollowSymlinks weakness which leads to security exploits
+FollowSymlinks to +SymlinksIfOwnerMatch due to security exploits.
FollowSymlinks is insecure and a potentially serious issue.
+FollowSymlinks is a security concern. Drupal 6, 7, and 8 core currently use +FollowSymlinks. Attackers who would manage to compromise a confined Drupal website can get full root level access to that server.
+FollowSymlinks weakness which leads to security exploits.
+FollowSymlinks to +SymlinksIfOwnerMatch in Drupal core would be a security improvement though. And that can be handled here in this public issue. Any volunteer for a patch?
Closed: outdated
8.0 ⚰️
base system
After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.