Contrib.social

Adhere to Drupal's security advisory policy

Open on Drupal.org β†’
Created on 8 March 2022, over 2 years ago
Updated 28 August 2023, 10 months ago

Problem/Motivation

This module does not adhere to Drupal's security advisory policy. https://www.drupal.org/security-advisory-policy β†’ For a module that works in the field of access control this is significant. It is important that security bugs which are found in this module quickly find their way to all users.

Proposed resolution

Opt into the security advisory coverage.

πŸ“Œ Task
Status

Active

Version

1.0

Component

Miscellaneous

Created by

πŸ‡³πŸ‡±Netherlands Sutharsan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Comment 11 months ago β†’
    πŸ‡©πŸ‡°Denmark Stizzi

    +1

    One definitely wants an access related module is "green"

  • Comment 10 months ago β†’
    πŸ‡©πŸ‡°Denmark Stizzi

    Perhaps this is a good time to make this module "green".
    Is this module affected by this security hole?

    "As this is an API module, it is only exploitable if a "client" module exposes the vulnerability. Details of some contributed client modules are given below. Custom modules using ACL could also expose the vulnerability.

    This vulnerability is mitigated by the fact that an attacker typically needs an "admin"-type permission provided by one of ACL's client modules."

    ACL - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-034 β†’

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024