Add a .htaccess and web.config entry to mitigate against SA-CORE-2018-005

Created on 13 August 2018, over 6 years ago

Updated 4 April 2025, 24 days ago

SA-CORE-2018-005

Add a .htaccess and web.config mitigation.

Patch file needs review.

None

None

None

📌 Task

Status

Needs work

Version

11.0 🔥

Component

base system

Created by

🇦🇺Australia pasan.gamage

Live updates comments and jobs are added and updated live.

Security improvements
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 24 days ago →
🇫🇷France prudloff Lille
Is this still useful? Do we still use libraries that support these headers?

Production build 0.71.5 2024