Contrib.social

Adhere to Drupal's security advisory policy

Open on Drupal.org →
Created on 8 March 2022, about 3 years ago
Updated 28 August 2023, over 1 year ago

Problem/Motivation

This module does not adhere to Drupal's security advisory policy. https://www.drupal.org/security-advisory-policy For a module that works in the field of access control this is significant. It is important that security bugs which are found in this module quickly find their way to all users.

Proposed resolution

Opt into the security advisory coverage.

📌 Task
Status

Active

Version

1.0

Component

Miscellaneous

Created by

🇳🇱Netherlands sutharsan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Comment over 1 year ago
    🇩🇰Denmark Stizzi

    +1

    One definitely wants an access related module is "green"

  • Comment over 1 year ago
    🇩🇰Denmark Stizzi

    Perhaps this is a good time to make this module "green".
    Is this module affected by this security hole?

    "As this is an API module, it is only exploitable if a "client" module exposes the vulnerability. Details of some contributed client modules are given below. Custom modules using ACL could also expose the vulnerability.

    This vulnerability is mitigated by the fact that an attacker typically needs an "admin"-type permission provided by one of ACL's client modules."

    ACL - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-034

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024