Automatically closed - issue fixed for 2 weeks with no activity.
Drupal 8 has vendor code which can contain security vulnerabilities if it is in a directory that is web accessible. It would be good to try to move it out of the webroot.
Similarly, in Drupal 7 any /vendor or /libraries files (e.g. from composer_manager or libraries.module) should ideally be placed outside the webroot.
Security review should warn if this is not the case.
Fixed
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.