- First commit to issue fork.
- @prudloff opened merge request.
- π«π·France prudloff Lille
I did a quick manual test and I think this is still a concern.
I rebased the patch.
I'm not sure the failing AssetAggregationAcrossPagesTest is related? - π§πͺBelgium borisson_ Mechelen, π§πͺ
I don't see why that test would start failing, and I can't find an issue about it having random failures. Since this a security hardening I think we should move this through.
- π³πΏNew Zealand quietone
This should have a title that has meaning that includes people who only know Drupal 8 and above. As is, the title, and thus the commit message, only makes sense for those that know what Drupal 7 did. Therefor, tagging for a title update.
- πΊπΈUnited States greggles Denver, Colorado, USA
Seems good to add the "why" - it's about extra security through defense in depth
- π§πͺBelgium borisson_ Mechelen, π§πͺ
Removing the tag, title looks great now.
-
longwave β
committed 56fe980b on 11.x
Issue #3302448 by prudloff, alexpott: Always rename dot files regardless...
-
longwave β
committed 56fe980b on 11.x
- Status changed to Downport
9 days ago 9:59pm 19 June 2025 - π¬π§United Kingdom longwave UK
This change makes sense to me and simplifies the code path a bit while making things more secure, so good all round.
Committed 56fe980 and pushed to 11.x. Thanks!
As this is a minor behaviour change, but also a security improvement, I'm on the fence somewhat about backporting to 11.2.x. This is definitely eligible for 10.6.x (and perhaps 10.5.x if we also commit to 11.2.x), but the MR doesn't apply, so marking PTBP so we can decide what to do next here.