En

Drupal官网安全更新(2020-08-05)

来源:Drupal官网 发布日期:2020-08-05 阅读次数:1742 评论:0

基本信息

发布日期:2020-08-05(官方当地时间)

更新类型:安全更新

更新版本:9.0.3

感知时间:2020-08-06 06:11:27

风险等级:未知

情报贡献:TSRC

更新标题

drupal 9.0.3

更新详情

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.

Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.
If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9 and the 9.0.0 release notes before upgrading to this release.
If your site is on 8.8.x or earlier, you may wish to upgrade to Drupal 8.9.2 instead, and upgrade to Drupal 9 at a later date after preparing your site.
Known issues
Search the issue queue for known issues.
All changes since Drupal 9.0.2

Issue #3136762 by dww, codersukanta, webchick, larowlan: Update.php includes link to 'Put site into maintenance mode' for users without permission to use it
Issue #3163162 by quietone: Fix error in d7 fixture field_config_instance table
Issue #3151096 by dww, jungle: Replace use of whitelist in \Drupal\Core\Utility\ProjectInfo
Issue #3151098 by rik-dev, dww: Replace use of whitelist/blacklist in Big Pipe module
Issue #3139414 by cburschka, mohrerao, pavnish, jungle, ravi.shankar, mondrake, daffie, sja112: [backport] Replace usages of deprecated AssertLegacyTrait::assert(No)Link()
Issue #3160031 by quietone, alexpott, jungle, longwave, jameszhang023: Fix 18 spelling errors for migrate specific terms
Issue #3089495 by andrewmacpherson, Kristen Pol: BooleanCheckboxWidget settings summary is not fully translatable
Issue #3162479 by tedbow, Kristen Pol: Incorrect Drupal\Composer\VendorHardening namespace is used instead of Drupal\Composer\Plugin\VendorHardening
Issue #3142749 by munish.kumar, shaktik, pavnish, sja112, ravi.shankar, Lal_, mondrake, daffie, xjm: AssertLegacyTrait::assertPattern() calls in functional tests still have a message passed in
Issue #3138766 by mohrerao, longwave, sja112, jameszhang023, Lal_, ravi.shankar, jungle, xjm: Fix "Don't" relevant typos in core
Issue #3092551 by amateescu, poojakural, pankaj.singh, priyanka.sahni, shaal, nod_, lauriii: Unclickable area to switch to a workspace
Issue #3153264 by siddhant.bhosale, Hardik_Patel_12, longwave: Remove uses of t() in clickViewsOperationLink(), helperButtonHasLabel() and optionExists() calls
Issue #3161301 by jungle, bbrala, alexpott: Fix typo "existant" in Core
Issue #3162031 by ravi.shankar, Hardik_Patel_12, longwave, catch: [Symfony 5.1] Class "Symfony\Component\HttpKernel\Event\ViewEvent" is declared "final" and cannot be mocked
Issue #3158270 by Hardik_Patel_12, siddhant.bhosale, paulocs: Unused local variables in SelectComplexTest file
Issue #3161992 by Hardik_Patel_12, ravi.shankar, catch, longwave: Since symfony/http-foundation 5.1: The "Symfony\Component\HttpFoundation\Response::create()" method is deprecated, use "new Drupal\Core\Render\HtmlResponse()" instead
Issue #3158589 by bhushan.nagaonkar, brittany.huntzberry, ankithashetty, cilefen, alexpott, davidhernandez, nijolawrence: Improve comment in default.settings.php
Issue #3156040 by Hardik_Patel_12, kiamlaluno, siddhant.bhosale, paulocs: Avoid initializing a local variable to an empty array before adding items to that array
Issue #3155110 by maacl, Mykola Veryha: Update CKEditor to version 4.14.1
Issue #2939645 by quietone, hgoto, dhirendra.mishra, jungle, kostyashupenko, govind.maloo, John Cook, alexpott: The sample batch finished callback function should have the fourth parameter
Issue #3131126 by acbramley, msuthars, tanubansal, Kristen Pol, jungle: Can't show 'revision author' on Block content views
Issue #3113986 by acbramley, msuthars: Can't show 'revision author' on Media views
Issue #2994319 by Ramya Balasubramanian, mohrerao, virajrajankar, benjamindamron, hardikpandya, kalyansamanta, jhodgdon, msankhala, jungle, kkalaskar, dhirendra.mishra, joachim, longwave, amateescu, mradcliffe, alexpott, jcnventura: EntityAutocomplete form element has no docs on how to use it
Issue #3161199 by lauriii, bnjmnm: Remove $no_operator = TRUE from Views BooleanOperator
Issue #3123120 by mondrake, mrinalini9, ridhimaabrol24, longwave, catch: [backport] Properly deprecate AssertLegacyTrait::pass
Issue #3161300 by jungle, TR, Hardik_Patel_12, Chris Burge, longwave, Kristen Pol: Improve test coverage of \Drupal\Tests\layout_builder\Unit\SectionTest::testUnsetThirdPartySetting()
Issue #3128389 by jungle, cliddell, john.oltman, clayfreeman, acbramley: LocaleTranslation is not serializable
Issue #3074595 by Lendude, ravi.shankar, sime, jian he, Kristen Pol, longwave: var_export only returns if the second parameter set to TRUE
Issue #3156879 by alexpott, Krzysztof Domański: \Drupal\Component\Utility\Bytes::toInt() - ensure $size is a number type
Issue #2875807 by Hardik_Patel_12, idebr, Kristen Pol: Drupal::l() / Link::fromTextAndUrl $text documented as string, actually accepts string|array|\Drupal\Component\Render\MarkupInterface
Issue #3157975 by S_Bhandari, paulocs, quietone: Remove Unused variables from Migrate Drupal module
Issue #3158276 by Hardik_Patel_12, kiamlaluno, paulocs: Remove local unused variables from RequestFormatRouteFilterTest.php file
Issue #3155159 by laura.gates, jhodgdon, Kristen Pol: Fix notice at top of generated CSS files from PCSS
Issue #3159982 by nuklive, ultrabob, J2, billywardrop, antojose, daffie, mradcliffe, mcdruid, jungle: AS keyword should be capitalised in SQL queries
Issue #3158281 by paulocs, kiamlaluno, Hardik_Patel_12, greg.1.anderson: Unused local variables from ScaffoldTest.php file
Issue #2348203 by agentrickard, govind.maloo, mohit_aghera, dagmar, init90, Berdir, alexpott, chx, catch, xjm: hook_node_access() no longer fires for the 'create' operation
Issue #3156345 by jungle, S_Bhandari, Hardik_Patel_12, kiamlaluno, alexpott: Remove Unused variable $method_definitions from PathProcessorTest.php file
Issue #3159739 by jungle, Beakerboy, daffie: Avoid directly comparing string to blob in EntityDisplayTest
Issue #3160020 by jungle, ravi.shankar, alexpott, ultrabob: Fix typos "iids, twoa, twob, roota, rootb, parentc" by refactoring
Issue #3122051 by phenaproxima, andrewmacpherson, Kristen Pol: Name field is always shown on media library form display when adding a new remote video media type
Issue #3016038 by dpi, acbramley, jibran, dww, phenaproxima, jungle, Mingsong: Unrecognised entity operation passed to Menu Link Content throws exceptions
Issue #3160124 by jungle, jameszhang023, alexpott: Fix "wiget, escapeable, PHPunit" typos in Core
Issue #3155796 by Hardik_Patel_12, kiamlaluno: Remove Unused variable $node_storage from NodeRevisionsUiBypassAccessTest.php file
Issue #3155462 by andrewmacpherson: Remove landmark region role from Powered-by-Drupal block
Issue #3160169 by jameszhang023: Unused variable $a in \Drupal axonomy\Plugin\Validation\Constraint\TaxonomyTermHierarchyConstraintValidator::validate()
Issue #2728507 by Lendude, Kristen Pol, pameeela: Not selecting an entity type on Config import single leads to a fatal error
Issue #3157919 by ultrabob, Hardik_Patel_12, shaktik, nijolawrence, alexpott, lauriii, Berdir, kiamlaluno: Remove unused variable $node from link module
Issue #3156070 by Hardik_Patel_12, kiamlaluno: Unused local variables from ConfigSchemaTest file
Issue #2934904 by kiamlaluno, ridhimaabrol24, Kristen Pol: Replace protected properties of TempStoreDatabaseTest with local variables
Issue #3085751 by alexpott, Deepak Goyal, rpayanm, longwave, catch, volkerk, kristiaanvandeneynde, dww: [backport] Setter injection arguments are not checked for unmet dependencies
Issue #3159528 by jameszhang023, jungle, longwave: Fix typos: "exeption|gaurd|ouptut|withut|defintion" in core
Issue #3159735 by mstrelan: LegacyProject and RecommendedProject templates still reference Drupal 8 in the description for Drupal 9 branches
Issue #3159531 by jameszhang023, ipumpkin, jungle, longwave: Fix typos: "attibute|uneccesarilly|colletion|constucts|worklow" in core
Issue #3089745 by aleevas, larowlan, dipakmdhrm, pameeela, seycom, joey-santiago, xjm, seanB, rooby: Add focus behaviour for media widget with max elements
Issue #3091309 by tim.plunkett, godotislate, paulocs, thursday_bw, alexpott, TwiiK: Broken context-aware block plugins throw an unexpected exception
Issue #3138749 by jackniu, dww, jungle: Fix "cache" related typos
Issue #3155563 by mcdruid, mrinalini9, Hardik_Patel_12, mondrake, daffie: select query should quote aliases which are reserved words in MySQL
Issue #3159535 by jackniu, jungle, longwave: Fix "finegrained|perfoming|fieldeset" typos in core
Issue #3039991 by amateescu, lpeabody, bgreco, plach: Base field purging is not handling translatable fields correctly
Issue #3156266 by longwave, jungle, siddhant.bhosale, alexpott: Fix 70 spelling mistakes
Issue #2912244 by quietone, heddn, FMB: Document MigrateIdMapInterface
Issue #3047719 by agrochal, shimpy, Manav, jhodgdon, hash6, Sarahphp1, batigolix, alonaoneill, ketansevekari, EricRubino, rkoller: Convert search module hook_help() to topic(s)
Issue #3159382 by Beakerboy: Sort order not specified in view test_view_fieldapi, but results must be ordered by nid
Issue #3151360 by quietone, benjifisher, ToneLoc: Improve description for file paths on the CredentialFrom
Issue #3158292 by Hardik_Patel_12, kiamlaluno: Remove unused variables from FormAjaxResponseBuilderTest.php file
Issue #3159102 by Niklan: Documentation for \Drupal\serialization\RegisterEntityResolversCompilerPass is incorrect
Issue #2942569 hotfix: Sorting nested properties of config entity queries does not work
Issue #3130973 by daffie, plach, Charlie ChX Negyesi: Make the backend overridable service discovery also check the database type for an overridden service
Issue #3156882 by alexpott, johnwebdev, adityasingh, pfrenssen: \Drupal\Core\Render\Element\StatusReport::preRenderGroupRequirements() and \Drupal\user\PermissionHandler::sortPermissions() sorts return bools
Issue #2942569 by seanB, idebr, amateescu, kristiaanvandeneynde: Sorting nested properties of config entity queries does not work
Issue #3126063 by quietone, Wim Leers, DamienMcKenna, benjifisher, alexpott, heddn: Harden SubProcess process plugin
Issue #3040361 by Sam152, jungle, Dylan Donkersgoed, jibran: Moderation state views filter only works on base table entity
Issue #3156883 by alexpott, longwave: \Drupal\Core\Url ensure fragment is not an empty string
Issue #3155765 by naresh_bavaskar: Fixing minor typo in path alias module test files
Issue #3157369 by shaktik, Lendude, alexpott: Use unused variable $filters from DateTimeSchemaTest
Issue #3157933 by S_Bhandari: Remove Unused variables from Views UI module
Issue #3102402 by Hardik_Patel_12, sathish.redcrackle, hash6, himanshu_sindhwani, swatichouhan012, shaktik, idebr, mrinalini9, kishor_kolekar, priyanka.sahni, ambuj_gupta, lauriii, mayurgajar, snehalgaikwad, alexpott, phenaproxima: Remove weight field from Media Library widget when only single media can be attached
Issue #2801929 by Lendude, ridhimaabrol24, Sutharsan, gilles.koffmann, geek-merlin, dawehner: View loses records after adding comment count field
Issue #3112916 by Sam152, ocelotkevin, corneboele, jantoine, yovince, bkosborne: Content Moderation views should join on entity ID
Issue #3154914 by ju.vanderw: Fix grammar usage of singular/plural
Issue #3133516 by quietone, huzooka, phenaproxima, mikelutz: Make every migrate process plugin that provides 'default_value' be able to correctly handle 'NULL' default values
Issue #3155258 by jwilson3, alexpott, lauriii: Use American English spelling of "gray"
Issue #3156123 by andypost: Fix MissingContentEvent see reference
Issue #2988960 by tstoeckler, Kristen Pol: Testing profile's locale.settings config override is not up-to-date
Issue #3157462 by Hardik_Patel_12, sd9121: Fixing comment error in viewAddForm file
Issue #3154858 by kristiaanvandeneynde: Drupal\Core\Config\Entity\Query\Condition::notExists() does not work when parent property is also missing
Issue #3151364 by Charlie ChX Negyesi, amateescu, alexpott, jhodgdon: diacritics are not removed from ǢǣǼǽǮǯ
Issue #3145076 by johnwebdev, Sam152, alexpott: MapItem base fields cannot be uninstalled
Issue #3151975 by daffie, narendra.rajwar27: Replace the database query with an entity query in NodeRevisionsTest
Issue #3153791 by Wim Leers, quietone: Add comment field for 'et' content type to d7 fixture
Issue #3146016 by Beakerboy, daffie: Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
Revert "Issue #3146016 by Beakerboy, daffie: Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order"
Issue #3146016 by Beakerboy, daffie: Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
Issue #3124302 by Sam152, seanB: The media library should perform access checks against the revision of the entity being edited
Issue #3154125 by Patrick R., kevinvhengst: Return type of ContentEntityFormInterface::validateForm() seems to be wrong
Issue #3155463 by longwave, quietone, jungle: Fix spelling error in Drupalilter\Plugin\migrate\process\FilterID::getSourceFilterType()
Issue #2521782 by paulmckibben, mparker17, MerryHamster, swentel, yogeshmpawar, caspervoogt, Nikolay Borisov, maebug, jkuma, Saviktor, Wim Leers, catch: HTML head has alternate hreflang links to unpublished translations
Issue #3142893 by hchonov, Raunak.singh, kishor_kolekar, alexpott, tstoeckler, catch, kfritsche, johnwebdev: Memory leak - typed data prototypes for field items are not re-used like intended
Issue #3145412 by pavnish, cburschka, amateescu: Connection::__destruct() can't delete the sqlite file
Issue #2855068 by jian he, larowlan, andypost, mrinalini9, Jody Lynn, himanshu-dixit, LaravZ, jurgenhaas: Can't create comments when comment is a base field
Issue #3089961 by tim.plunkett, Deepak Goyal, Lal_, ravi.shankar, tedbow: assertOffCanvasFormAfterWait() doesn't check for the correct form ID
Issue #2848367 by mlncn, jp.stacey, kunalkursija: Render API overview example of placeholders either incorrect or misleading
Issue #3152390 by munish.kumar, Deepak Goyal, daffie: Bracket-encapsulated field names for static queries in core/tests/Drupal/KernelTests/Core/Database
Release type: Bug fixes

软件描述

Drupal是使用PHP语言编写的开源内容管理框架(CMF),它由内容管理系统(CMS)和PHP开发框架(Framework)共同构成。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入