
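Drupal Official Site Security Update (2020-05-22)

Source: Drupal official site  Published: 2020-05-22  Views: 1511  Comments: 0

Basic information

Release date: 2020-05-22 (official local time)

Update type: Security update

Updated version: 8.9.0-rc1

Detection time: 2020-05-23 07:30:26

Risk level: Unknown

Intelligence contributed by: TSRC

Update title

drupal 8.9.0-rc1

Update details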

This is a release candidate for the next minor version (feature release) of Drupal 8. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This release (as well as 8.9.0-beta3) fixes security vulnerabilities present in 8.9.0-beta2. Sites are urged to upgrade immediately after reading the security announcement and notes below:

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-002


This minor release provides new improvements without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.
Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.
Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will be supported until November 2021. It also provides the same public API as Drupal 9.0 aside from deprecated code. For more information on the upcoming Drupal 9 release, read the Drupal 9.0.0-rc1 release notes.

Important update information

jQuery was updated to 3.5.1 in 9.0.0-beta3 for the above security advisory, and as a result, 9.0.0-beta2 and earlier have been marked insecure. The jQuery update introduces security fixes that may be disruptive to some modules, themes, or sites that used self-closing HTML tags incorrectly for tags that did not support them (e.g., <div /> instead of <div></div>). For more information, read the change record on the jQuery 3.5 update.
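
For sites auditing custom modules and themes ahead of the jQuery 3.5 update, the following is an added example (not code from Drupal or jQuery) that scans JavaScript or template source for self-closing tags on non-void elements and proposes the explicit open/close form. The regular expression, function names and sample input are assumptions made for this illustration; SVG and MathML elements are flagged too and need manual review.

```javascript
// Added example: locate markup such as <div /> that jQuery before 3.5
// expanded to <div></div>, and that 3.5+ hands to the browser unchanged
// (where the parser treats it as an unclosed opening tag).
const VOID = new Set(["area", "base", "br", "col", "embed", "hr", "img",
  "input", "link", "meta", "param", "source", "track", "wbr"]);

// Simplified pattern chosen for this example: <name attrs/>
const SELF_CLOSING = /<([a-z][a-z0-9-]*)(\s[^<>]*?)?\s*\/>/gi;

// Return one finding per self-closing non-void tag, with a suggested fix.
function findSelfClosing(source) {
  const findings = [];
  for (const m of source.matchAll(SELF_CLOSING)) {
    const tag = m[1].toLowerCase();
    if (VOID.has(tag)) continue; // <br/>, <input/> etc. are valid as written
    const line = source.slice(0, m.index).split("\n").length;
    const attrs = (m[2] || "").trimEnd();
    findings.push({ tag, line, found: m[0], fix: `<${m[1]}${attrs}></${m[1]}>` });
  }
  return findings;
}

// Rewrite every flagged tag to the explicit form; void elements are untouched.
function fixSelfClosing(source) {
  return source.replace(SELF_CLOSING, (whole, name, attrs) =>
    VOID.has(name.toLowerCase())
      ? whole
      : `<${name}${(attrs || "").trimEnd()}></${name}>`);
}

// Constructed sample of theme JavaScript (not taken from any real module).
const sample = [
  "var $box = $('<div class=\"messages\" />');",
  "$list.append('<li><span/>' + label + '</li>');",
  "$form.append('<input type=\"hidden\" name=\"t\" /><br/>');",
].join("\n");

for (const f of findSelfClosing(sample)) {
  console.log(`line ${f.line}: ${f.found}  ->  ${f.fix}`);
}
```
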

Changes to coding standards

The following additional rules have been enabled in the core ruleset since 9.0.0-beta3:

The DrupalPractice.General.ExceptionT rule has been enabled, to ensure that no exception messages are translated. Our conventions for exceptions disallow using the string translation or formatting APIs because they interfere with exception handling and because exception messages that differ from the codebase complicate the debugging process for developers.
Drupal.Commenting.DocComment.TagGroupSpacing has been enabled for better whitespace formatting of docblocks.

Other important bug fixes

#3076447: Migrate D7 entity translation revision translations
#3100712: Drupal 8.7.10 to 8.8.0 update fails if views have invalid configuration
#3136668: Invalid system.schema key_value entry causes fatal on updating to 8.8.5
#3120731: Incorrect "Drupal already installed" if any database settings are wrong or unsatisfactory

Known issues

#3138421: Chrome 83 cancels jquery.form ajax requests over https

All changes since 8.9.0-beta3

#3076447 hotfix by daffie, catch
#3110200 by himanshu_sindhwani, kiamlaluno, tdnshah, xjm: Comments make a reference to filter_process_format(), which no longer exists
#3132964 by jungle, longwave, sja112, dww, xjm, daffie: assertResponse() does not actually support a $message parameter, so stop passing one
#3076447 by quietone, jungle, shaktik, catch, heddn, alexpott: Migrate D7 entity translation revision translations
#3100712 by daffie, tim.plunkett, milindk, StevenPatz, xjm, alexpott, dorficus, tedbow, bircher, marcuschristopher, opdavies: Drupal 8.7.10 to 8.8.0 update fails if views have invalid configuration
#3135310 by alexpott: Remove completely unused 'database_ready' install state logic
#3138731 by jungle, dww: Fix "inheritdoc" typos in core
#3126965 by jungle, quietone, longwave, mondrake, dww, sja112, xjm: [backport] Replace assert* involving count() and an integer literal with assertCount()
#2830326 by dww, mpdonadio, cebasqueira, Wim Leers, amateescu, jungle, xjm, daffie, Pasqualle: Broken link to 'Put your site into maintenance mode' on update.php results in WSOD
#3136302 by Webbeh, bnjmnm, catch, xjm: Replace UPDATE.txt with links to d.o documentation
#3137713 by mohrerao, jyotimishra123, benjifisher, mikelutz, andypost: Update deprecation notices in NodeNewComments constructor
#3113077 by mondrake, sja112, Hardik_Patel_12, Neslee Canil Pinto, prabha1997, swatichouhan012, neelam_wadhwani, shaktik, Berdir, xjm, longwave, alexpott: [backport] Replace assertContains() on strings with assertStringContainsString() or assertStringContainsStringIgnoringCase()
Revert "Issue #3062446 by a.qala: duplicate if statements in "MenuLinkContent.php" on line 151 and 156 - Code Improvement in "Custom Menu Links" module"
#3135390 by jungle, munish.kumar, xjm, longwave, mondrake, daffie: Replace assertions involving calls to is_readable() and is_writeable() on files and directories with PHPUnit assertions
#2055851 by andypost, sja112, jungle, dawehner, Mac_Weber, borisson_, fietserwin, xjm, init90, Gábor Hojtsy, effulgentsia, tim.plunkett: [backport] Remove translation of exception messages
#3137268 by benjifisher, mikelutz, quietone, phenaproxima, heddn: Add benjifisher as a sub-system maintainer for migrate
#3120731 by alexpott, japerry, daffie, codersukanta, rfay, xjm, tim.plunkett, catch, andypost: Incorrect "Drupal already installed" if any database settings are wrong or unsatisfactory
#3136668 by dww, dawehner, pavnish, catch, daffie, alexpott, xjm: Invalid system.schema key_value entry causes fatal on updating to 8.8.5
#3123933 by greg.1.anderson, alexpott, longwave, xjm: Determine whether ComposerProjectTemplatesTest is testing the internet, and if it is, avoid that
#3062446 by a.qala: duplicate if statements in "MenuLinkContent.php" on line 151 and 156 - Code Improvement in "Custom Menu Links" module
#3137455 by sja112, mondrake, longwave: AssertLegacyTrait - change links in @trigger_error deprecations to point the relevant change record
Revert "Issue #3110669 by quietone, ravi.shankar: Migrate d7 menu language content settings"

Release type: Bug fixes, New features

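Software description

Drupal is an open-source content management framework (CMF) written in PHP. It consists of a content management system (CMS) and a PHP development framework.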

CVE ID

TSRC analysis

None yet

Industry news

None yet
