En

Drupal官网安全更新(2021-04-07)

来源:Drupal官网 发布日期:2021-04-07 阅读次数:6360 评论:0

基本信息

发布日期:2021-04-07(官方当地时间)

更新类型:安全更新

更新版本:7.79

感知时间:2021-04-07 19:04:50

风险等级:未知

情报贡献:TSRC

更新标题

drupal 7.79

更新详情

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
This release is the first where D7 core's test suite passes tests in PHP 8.0. However, there may be remaining problems with PHP 8 in core, and it's very likely that there are problems in contrib. Please test, and report any problems in the appropriate issue queue.
No changes have been made to the .htaccess, web.config or robots.txt files in this release, so upgrading custom versions of those files is not necessary.
There are multiple changes in default.settings.php
Major changes since the last release:

Support for SameSite attribute on cookies
Avoid field storage write when field content did not change - potentially significant performance improvement which is opt-in for existing sites
Password reset confirmation form changes
New PHP Warning emitted in PHP 8 when a database rollback is attempted with no active transaction in MySQL
UI text change: Images must be smaller than !max pixels - n.b. translation impact
Removed updateCallback and errorCallback parameters from the progress bar

All changes:

#2842762 by Liam Morland, cafuego, jenlampton, ZenDoodles: Call to undefined function drupal_get_path_alias() in url()
#3175678 by ennorehling: Trying to access array offset on value of type bool in menu_get_active_breadcrumb()
#2400287 by hass, cutesquirrel, borisson_, rteijeiro, aerozeppelin, yuriy.babenko, cyb.tachyon, pfrenssen, deanflory, webchick, David_Rothstein, cilefen, aspilicious, netbek, stefan.r, moshe weitzman, nod_, minakshiPh, pandaski: Remove all occurences of sourceMappingURL and sourceURL when JS files are aggregated
#3008166 by joseph.olstad, alexpott, catch, cilefen, xjm: Unnecessary looping in filter_xss() when processing attributes
#3007719 by solideogloria, TR: Trailing space in menu.inc
#3206429 by Taran2L, chmez: [PHP 8] test failures in Drupal error handlers
#3206438 by Ayesh: [PHP 8] deprecated functions in OpenID
#3206431 by Taran2L: [PHP 8] test failures in User administration
#3206428 by Taran2L: [PHP 8] test failures in Form element validation
#3200708 by Taran2L, mcdruid, Fabianx: [PHP 8] Error: User-supplied statement does not accept constructor arguments in PDO->prepare()
#3204161 by mcdruid, alexpott, catch, Charlie ChX Negyesi, mondrake, Mile23, andypost: MySQL on [PHP 8] now errors when committing or rolling back when there is no active transaction
#1079116 by jenlampton, fearlsgroove, ryan.gibson, Gribnif, snehi, hi_ten_ja, David_Rothstein, joachim, Matt V., mgifford, webservant316, lomasr, manishmittal9, mahalingam_cs, Algarte, webchick: Inaccurate text: Images must be smaller than !max pixels
#3051721 by MustangGB, izmeez, joseph.olstad, nod_, Niklas Fiekas, Tor Arne Thune, sun, xjm: Remove dead code from ajax.js: progress.upload_callback, progress.error_callback
#3185918 by MustangGB, Taran2L, Ayesh, fgm: [PHP 8] Fix DatabaseConnection::query signature mismatch with PDO::query
#3156847 by Ayesh, Taran2L, sjerdo: [PHP 8] Parameter order fixes
#3200407 by Taran2L, longwave, Ayesh, sjerdo: [PHP 8] ArgumentCountError: Too few arguments to function _drupal_error_handler() and friends
#2803921 by roderik, mcdruid, aerozeppelin, David_Rothstein, drumm, pwolanin, locokiter, greggles, cilefen, Fabianx: A valid one-time login link may be leaked by the referer header to 3rd parties
#3170525 by mcdruid, nullkernel, simonholt83, MustangGB, Znak, axle_foley00, Fabianx, akorkot, cilefen, thalemn, Ayesh, ressa, finne: Set samesite cookie attribute for PHP sessions
#2470619 by mcdruid, pounard, hosef, heddn, DamienMcKenna, boyan.borisov, joelpittet, Fabianx, joseph.olstad, MustangGB, izmeez, oadaeh, joshmiller, marcingy, mikeytown2, discipolo, amateescu, Jordan Samouh, das-peter, ndobromirov, quietone, Ronino, mxr576, David_Rothstein, potop, dreamer777, btully: Do not attempt field storage write when field content did not change
#3195939 by mcdruid: hardening of destructor in Archive_Tar
Release type: Bug fixesNew features

软件描述

Drupal是使用PHP语言编写的开源内容管理框架(CMF),它由内容管理系统(CMS)和PHP开发框架(Framework)共同构成。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入