SA-CORE-2023-005 fix probably needs to be applied similarly on WebP module's code

Created on 4 May 2023, over 1 year ago
Updated 31 August 2023, over 1 year ago

Problem/Motivation

I noticed that SA-CORE-2023-005 makes changes in FileDownloadController and its subclass ImageStyleDownloadController. The WebP module replaces these controllers with similar ones. It seems to me that they need to have a same fix applied to prevent a security issue.

Steps to reproduce

Unknown.

Proposed resolution

I assign the issue to myself as I'll propose a patch.

Remaining tasks

Do a patch by applying the same kind of change than in core.

User interface changes

None.

API changes

None.

Data model changes

None.

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

🇫🇷France GaëlG Lille, France

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024