Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance.
The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs.
The module doesn't sufficiently protect against Cross Site Request Forgery
under specific scenarios allowing an attacker to enable/disable a cron migration.
This vulnerability is mitigated by the fact that an attacker must know the
id of the migration.
Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider Authentication, etc.
The module doesn't sufficiently control user access when using Basic Authentication.
The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form.
The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is used.
This vulnerability is mitigated by the fact that it requires the "Email contact link" formatter to be used.
The Rest views module lets site admins create rest exports in views with additional options for serializing data.
This module does not accurately check access and may expose paths to unpublished content.
This vulnerability is mitigated by the fact that there must be a specific content structure to expose.
Paths to unpublished entities (such as nodes) will be exposed if those entities are referenced from other entities listed in a REST display, and the reference field on those listed entities is displayed with the "Entity path" formatter.
Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications.
This module doesn't sufficiently protect access to the settings form, allowing an unauthorized malicious user to view and modify the module settings.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
Writing secure code
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal Steward
Drupal Steward is a web application firewall product that can protect your Drupal sites from highly critical and mass exploitable vulnerabilities, allowing you to update on your own time.