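Drupal Official Site Security Update (2020-05-22)

Source: Drupal official site  Published: 2020-05-22

Basic information

Release date: 2020-05-22 (vendor local time)

Update type: Security update

Updated version: 9.0.0-rc1

Detected at: 2020-05-23 07:00:27

Risk level: Unknown

Intelligence contributed by: TSRC

Update title

drupal 9.0.0-rc1

Update details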

This is a release candidate for the next major version of Drupal. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This release (as well as 9.0.0-beta3) fixes security vulnerabilities present in 9.0.0-beta2. Sites are urged to upgrade immediately after reading the security announcement and notes below:
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-002

Refer to How to prepare your Drupal 7 or 8 site for Drupal 9 for tools you can use to check the Drupal 9 compatibility of modules, themes, and sites. For more information on 9.0.x development, see #3007300: [META] Release Drupal 9 on June 3 2020.
The 9.0.x branch also includes all the latest commits that will be backported to 8.9.x and earlier branches. 9.0.x and 8.9.x have the same APIs and features. The key changes in 9.0.x are:
Deprecated code will be removed.
Dependencies will be updated to new major versions as appropriate.
Platform requirements (supported PHP and database versions) will be increased.
For all other changes, refer to the 8.9.x branch.
Important update information

jQuery was updated to 3.5.1 in 9.0.0-beta3 for the above security advisory, and as a result, 9.0.0-beta2 and earlier have been marked insecure. The jQuery update introduces security fixes that may be disruptive to some modules, themes, or sites that used self-closing HTML tags incorrectly for tags that did not support them (e.g., <div /> instead of <div></div>). For more information, read the change record on the jQuery 3.5 update.
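
The self-closing-tag breakage described above can be audited before upgrading. The following is an added example (not Drupal or jQuery code): a heuristic scanner that flags self-closed non-void tags in JavaScript or template source and suggests the explicit form. The function name, regular expression and sample input are assumptions made for illustration.

```javascript
// Added example; not part of Drupal core or jQuery.
// Void elements have no closing tag, so "<br />" is harmless. For any other
// element the HTML parser ignores the "/" and treats "<div />" as "<div>".
const VOID_ELEMENTS = new Set([
  'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',
  'link', 'meta', 'param', 'source', 'track', 'wbr',
]);

// Group 1: tag name. Group 2: attributes (may be empty).
// Heuristic: it does not understand quoted attribute values and will also
// flag inline SVG/MathML, where self-closing is valid; review each hit.
const SELF_CLOSED = /<([a-z][a-z0-9-]*)((?:\s[^<>]*?)?)\s*\/>/gi;

function findUnsafeSelfClosing(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const m of text.matchAll(SELF_CLOSED)) {
      if (VOID_ELEMENTS.has(m[1].toLowerCase())) continue;
      findings.push({
        line: index + 1,
        found: m[0],
        // Explicit open/close pair that parses the same before and after 3.5.
        fix: `<${m[1]}${m[2].trimEnd()}></${m[1]}>`,
      });
    }
  });
  return findings;
}

// Constructed sample of theme/module JavaScript (not taken from any project).
const SAMPLE = [
  "$('<div class=\"msg\" />').appendTo(body);",
  "$wrapper.append('<br /><input type=\"text\" />');",
  "$list.html('<li><span/></li>');",
].join('\n');

for (const f of findUnsafeSelfClosing(SAMPLE)) {
  console.log(`line ${f.line}: ${f.found}  ->  ${f.fix}`);
}
```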

Drupal 7 entity_translation revision migrations for nodes are now supported

Changes to coding standards

The following additional rules have been enabled in the core ruleset since 9.0.0-beta3:
The DrupalPractice.General.ExceptionT rule has been enabled, to ensure that no exception messages are translated. Our conventions for exceptions disallow using the string translation or formatting APIs because they interfere with exception handling and because exception messages that differ from the codebase complicate the debugging process for developers.
Commenting.DocComment.TagGroupSpacing has been enabled for better whitespace formatting of docblocks.

Other important bug fixes

#3100712: Drupal 8.7.10 to 8.8.0 update fails if views have invalid configuration
#3136668: Invalid system.schema key_value entry causes fatal on updating to 8.8.5
#3120731: Incorrect "Drupal already installed" if any database settings are wrong or unsatisfactory

Known issues

#3138421: Chrome 83 cancels jquery.form ajax requests over https
#3137264: Installing drupal/core-composer-scaffold (9.0.0-beta3) with composer causes 'ErrorException stream_context_create()'
#3107155: Discuss lowering SQLite version requirement from 3.26 to 3.22 in Drupal 9
#3107926: Update stylelint to ^13.0.0

All changes since 9.0.0-beta3

#3076447 hotfix by daffie, catch
#3110200 by himanshu_sindhwani, kiamlaluno, tdnshah, xjm: Comments make a reference to filter_process_format(), which no longer exists
#3132964 by jungle, longwave, sja112, dww, xjm, daffie: assertResponse() does not actually support a $message parameter, so stop passing one
#3076447 by quietone, jungle, shaktik, catch, heddn, alexpott: Migrate D7 entity translation revision translations
#3100712 by daffie, tim.plunkett, milindk, StevenPatz, xjm, alexpott, dorficus, tedbow, bircher, marcuschristopher, opdavies: Drupal 8.7.10 to 8.8.0 update fails if views have invalid configuration
#3135310 by alexpott: Remove completely unused 'database_ready' install state logic
#3138731 by jungle, dww: Fix "inheritdoc" typos in core
#3138671 by dww: Fix "incompatitable" typos in core
#3137414 by shaal, dww, Gábor Hojtsy, sja112, codersukanta, jungle, xjm, hestenet, Dries: Remove D8 branding from D9 status report
#2830326 by dww, mpdonadio, cebasqueira, Wim Leers, amateescu, jungle, xjm, daffie, Pasqualle: Broken link to 'Put your site into maintenance mode' on update.php results in WSOD
#3136302 by Webbeh, bnjmnm, catch, xjm: Replace UPDATE.txt with links to d.o documentation
#2937513 by eltori, longwave, klausi, catch, idebr: Fix 'Drupal.Commenting.DocComment.TagGroupSpacing' coding standard
Revert "Issue #3062446 by a.qala: duplicate if statements in "MenuLinkContent.php" on line 151 and 156 - Code Improvement in "Custom Menu Links" module"
#2983452 by ridhimaabrol24, Kwadz, cburschka, jungle, somersoft, julienjoye, dhirendra.mishra, beram, daffie, alexpott: Improve support for SQLite in memory database
#2821499 by jungle, Andy_D, nikitagupta, lomasr, bbombachini, alexpott, andypost, Mile23, quietone, Sophie.SK, mtodor, barone, kuldeep_mehra27, vsujeetkumar, swatichouhan012, jhodgdon: Enable phpcs rule DrupalPractice.InfoFiles.NamespacedDependency
#3135390 by munish.kumar, jungle, mondrake, xjm, daffie: Replace assertions involving calls to is_readable() and is_writeable() on files and directories with PHPUnit assertions
#3137268 by benjifisher, mikelutz, quietone, phenaproxima, heddn: Add benjifisher as a sub-system maintainer for migrate
#3120731 by alexpott, japerry, daffie, codersukanta, rfay, xjm, tim.plunkett, catch, andypost: Incorrect "Drupal already installed" if any database settings are wrong or unsatisfactory
#3136668 by dww, dawehner, pavnish, catch, daffie, alexpott, xjm: Invalid system.schema key_value entry causes fatal on updating to 8.8.5
#3123933 by greg.1.anderson, alexpott, longwave, xjm: Determine whether ComposerProjectTemplatesTest is testing the internet, and if it is, avoid that
#3062446 by a.qala: duplicate if statements in "MenuLinkContent.php" on line 151 and 156 - Code Improvement in "Custom Menu Links" module
#2055851 by andypost, jungle, dawehner, Mac_Weber, sja112, borisson_, fietserwin, init90, Gábor Hojtsy, xjm, effulgentsia, tim.plunkett: Remove translation of exception messages
#3137455 by sja112, mondrake, longwave: AssertLegacyTrait - change links in @trigger_error deprecations to point the relevant change record
Revert Issue #3110669 by quietone, Gábor Hojtsy: Migrate d7 menu language content settings
Release type: Bug fixes

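Software description

Drupal is an open-source content management framework (CMF) written in PHP; it consists of a content management system (CMS) and a PHP development framework.

CVE ID

TSRC analysis

None yet

Industry news

None yet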
