En

Drupal官网安全更新(2020-04-02)

来源:Drupal官网 发布日期:2020-04-02 阅读次数:776 评论:0

基本信息

发布日期:2020-04-02(官方当地时间)

更新类型:安全更新

更新版本:8.8.5

感知时间:2020-04-03 05:30:03

风险等级:未知

情报贡献:TSRC

更新标题

drupal 8.8.5

更新详情

This is a patch release of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8.

If you are upgrading to this release from 8.7.x or earlier, read the Drupal 8.8.0 release notes before upgrading to this release.
Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released.
Important update information
This release resolves several upgrade path critical bugs that may have prevented sites from updating from Drupal 8.7 or earlier:
#3052318: Update from 8.6 to 8.7 fails due to corrupt menu_link_content or taxonomy_term entity data
#2917600: update_fix_compatibility() puts sites into unrecoverable state
#3056539: Updating an entity type from non-revisionable to revisionable fails if it has non-revisionable fields stored in dedicated tables
#3056543: taxonomy_post_update_make_taxonomy_term_revisionable() and the menu link content equivalent fail when entities have no default translation
Known issues
Search the issue queue for known issues.
All changes since 8.8.4
#3120494 by longwave, jungle, alexpott: Bump minimist from ^1.2.0 to ^1.2.2
#3122605 by Beakerboy, daffie: EntityResourceTestBase.php uses a static query that should be dynamic
#3122742 by alexpott: Fix PHP 5 tests on 8.7.x
#3113992 by dww, tedbow, xjm, Meenakshi.g, benjifisher, kualee, tim.plunkett, webchick, AaronMcHale, ckrina, shaal, mandclu, klonos, lauriii, Gábor Hojtsy, worldlinemine, alexpott: The 'Update' page has no idea that some updates are incompatible
#3118087 by dww, JoshaHubbers, jungle, tedbow, RajabNatshah, Kingdutch, JonMcL, xjm, Nick Hope, wroehrig, wxman, broeker, mlozano7, kazajhodo, suit4, xmacinfo, BrightBold: If any extension has a missing or invalid version, Update manager throws errors and is confused about site update status
#3119373 by alexpott, BramDriesen: Configuration synchronisation that both enables & configures a module fails and drupal_flush_all_caches()
Merged 8.8.4.
#3066801 hotfix: Add hook_removed_post_updates()
#3103529 by alexpott, mcdruid, Chris Burge, greg.1.anderson, rfay, catch, anavarre, Gábor Hojtsy, jungle: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
Revert "Issue #3103529 by alexpott, mcdruid, Chris Burge, greg.1.anderson, rfay, anavarre, catch, Gábor Hojtsy: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution"
#3094151 by mondrake, swatichouhan012, dhirendra.mishra, ravi.shankar, longwave, alexpott: ExpectDeprecationTrait is not compatible with PHPUnit 8
#3103529 by alexpott, mcdruid, Chris Burge, greg.1.anderson, rfay, anavarre, catch, Gábor Hojtsy: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
#3066801 by catch, WidgetsBurritos, alexpott, pobster, jungle, tedbow, tim.plunkett, xjm, dww, benjifisher, webchick, longwave, worldlinemine, Berdir, lauriii
#3119847 by jungle, dww: Fix typos in InfoParserUnitTest and UpdaterTest doc comments
#3105925 by kiamlaluno: The description of the arguments for FieldDefinition::setDisplayOptions() conflicts with what reported in FieldDefinitionInterface::getDisplayOptions()
#3119445 by kiamlaluno, Deepthi kumari: The documentation comment for BanIpManager::__construct() says it constructs the BanSubscriber
#3118581 by kiamlaluno: The documentation for Crypt::randomBytesBase64() is wrong about the output length
Revert "Issue #3103529 by mcdruid, alexpott, Chris Burge, greg.1.anderson, rfay, anavarre, Gábor Hojtsy: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution"
#3103529 by mcdruid, alexpott, Chris Burge, greg.1.anderson, rfay, anavarre, Gábor Hojtsy: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
#2605904 by jmikii, swatichouhan012, kishor_kolekar, willzyx, vacho, Berdir, alexpott: Missing return statement in EntityManager::clearDisplayModeInfo()
#2917600 by tedbow, alexpott, catch, anthonyf, xjm, Alan D., andypost, Berdir, moshe weitzman: update_fix_compatibility() puts sites into unrecoverable state
#2865416 by owenpm3, swatichouhan012, neelam_wadhwani, cilefen: Root README.txt installation profile section links to D7 docs
#3056543 by plach, jungle, Berdir, catch, xjm, amateescu: taxonomy_post_update_make_taxonomy_term_revisionable() and the menu link content equivalent fail when entities have no default translation
#3118439 by kiamlaluno: PrivateKey::__construct() describes itself as "Constructs the token generator."
#3118958 by lauriii: Follow-up to #3102724: CSSLint failure
#3088081 by alexpott, dww, tedbow, xjm: Improve the error message if a nonsense constraint is used in core_version_requirement
#3117188 by dww, Gábor Hojtsy: Change @todo comment in core/modules/update/src/ProjectSecurityData.php to point to a better issue
#3115624 by martijn.cuppens, jungle, JeroenT, greg.1.anderson, Mile23: Scaffolding: Only add root files to gitignore
#3003401 by Sam152: UpdatePathTestBase calls setDatabaseDumpFiles twice, resulting in duplicate fixtures in some scenarios
#3118454 by catch, andypost, xjm, Gábor Hojtsy, mradcliffe, mondrake: Drupal\KernelTests\Core\Database\SelectTest fails on postgres 10
#3052318 by AndyF, mikelutz, andypost, jungle, catch, AbdeI, mr_fenix, crifi, plach, xjm, vuil, amateescu, jedgar1mx, John_B, waverate, alexpott, owenbush, azovsky: Update from 8.6 to 8.7 fails due to corrupt menu_link_content or taxonomy_term entity data
#3118186 by swatichouhan012: Incorrect link for deprecated randomBytes() method description in utility component


drupal-8.8.5.tar.gzRelease file SHA-1 hash: 3ac94168d38f97984fadc1bdd96f815564b60748Release file SHA-256 hash: 8cbb0df82d1a19c085e785952d28bcfe5105b895940fb3cc28846b9c422fc58611e595f6aa42fca4ab4423bff0b09c28



drupal-8.8.5.zipRelease file SHA-1 hash: 0482c8bc06061b785d9281dc72f71e6a7883ed5bRelease file SHA-256 hash: 5dae6ba8f8515089caf91334788bfe3248e22d106421276d8ad668c2bd2611f900160756dddebef13d9f10df34f2b640

VCS Label: 8.8.5Core compatibility: 8.xRelease type: Bug fixesShort description: Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.Packaged Git sha1: cb0cd8079ede8b953ff282eab82aeb2c1f0e667f

软件描述

Drupal是使用PHP语言编写的开源内容管理框架(CMF),它由内容管理系统(CMS)和PHP开发框架(Framework)共同构成。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入