SA-CORE-2023-005 might apply to avif module

Created on 26 June 2023, over 1 year ago

Updated 4 October 2023, about 1 year ago

Problem/Motivation

SA-CORE-2023-005 → fixes a security issue in ImageStyleDownloadController.
The avif module overrides this controller, so it probably needs to apply the same fix.

Proposed resolution

The patch from 🐛 SA-CORE-2023-005 fix probably needs to be applied similarly on WebP module's code Needs review can probably be adapted to avif.

🐛 Bug report

Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇫🇷France prudloff Lille

Live updates comments and jobs are added and updated live.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Comments & Activities

Issue created by @prudloff
Comment about 1 year ago →
🇦🇺Australia mstrelan
Probably simpler to run with 📌 Simplify ImageStyleDownloadController by decorating core Needs review instead.
Status changed to Closed: outdated about 1 year ago3:19am 4 October 2023
Comment about 1 year ago →
🇦🇺Australia mstrelan
This is no longer applicable since 📌 Simplify ImageStyleDownloadController by decorating core Needs review .

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024