- Status changed to Closed: outdated
about 1 year ago 11:00pm 12 July 2023 - 🇺🇸United States cmlara
I'm going to close this as outdated, were going to handle this in [#374221].
This was fixed in 8.x-1.x as part of SA-CONTRIB-2023-030.
At the time this issue was opened neither 8.x-1.x nor 2.x was stable, as such this issue complied with the Drupal Security Team(DST) policy regarding when to open an issue in public or private.
Now that I have been added to the modules development team I would request that in the future (even if the DST says an issue may be public) that issues be brought to me privately so that we may evaluate the impact and fix the issues before the public have a chance to exploit them.
Note:
I requested on December 30th 2022 that the DST mark this issue private to allow it to be handled with an official SA since it impacted a known stable version, that action was never taken by the DST.