En

Drupal官网安全更新(2021-11-24)

来源:Drupal官网 发布日期:2021-11-24 阅读次数:5066 评论:0

基本信息

发布日期:2021-11-24(官方当地时间)

更新类型:安全更新

更新版本:9.3.0-beta3

感知时间:2021-11-24 22:47:58

风险等级:未知

情报贡献:TSRC

更新标题

drupal 9.3.0-beta3

更新详情

This is a beta release for the next minor (feature) release of Drupal 9. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.
Drupal 9.3.x contains new features, and should be the target for new site development. Drupal 9.2.x will continue to have security support until June 2022. Security support for 9.1.x ends with the release of 9.3.0 on December 8.
Important update information
Updating from Drupal 8
For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.
Upgrading from Drupal 7
Drupal 6 and 7 users can continue to migrate to 9.3 directly. The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.
Dependency updates
This release updates various dependencies in preparation for the 9.3.0 release candidate, including Symfony 4.4.35. Note that the CVE for Symfony 4.4.35 does not affect Drupal core.
+------------------------------------+--------------+------------+
| Production Changes | From | To |
+------------------------------------+--------------+------------+
| symfony/console | v4.4.33 | v4.4.34 |
| symfony/dependency-injection | v4.4.33 | v4.4.34 |
| symfony/deprecation-contracts | v2.4.0 | v2.5.0 |
| symfony/error-handler | v4.4.30 | v4.4.34 |
| symfony/event-dispatcher | v4.4.30 | v4.4.34 |
| symfony/event-dispatcher-contracts | v1.1.9 | v1.1.11 |
| symfony/http-client-contracts | v2.4.0 | v2.5.0 |
| symfony/http-foundation | v4.4.33 | v4.4.34 |
| symfony/http-kernel | v4.4.33 | v4.4.35 |
| symfony/mime | v5.4.0-BETA1 | v5.4.0-RC1 |
| symfony/process | v4.4.30 | v4.4.35 |
| symfony/routing | v4.4.30 | v4.4.34 |
| symfony/serializer | v4.4.33 | v4.4.35 |
| symfony/service-contracts | v2.4.0 | v2.5.0 |
| symfony/translation | v4.4.32 | v4.4.34 |
| symfony/translation-contracts | v2.4.0 | v2.5.0 |
| symfony/validator | v4.4.33 | v4.4.35 |
| symfony/var-dumper | v5.4.0-BETA2 | v5.4.0-RC1 |
| symfony/yaml | v4.4.29 | v4.4.34 |
+------------------------------------+--------------+------------+

+------------------------+--------------+------------+
| Dev Changes | From | To |
+------------------------+--------------+------------+
| composer/spdx-licenses | 1.5.5 | 1.5.6 |
| symfony/phpunit-bridge | v5.4.0-BETA2 | v5.4.0-RC1 |
+------------------------+--------------+------------+
All changes since 9.3.0-beta2:

Drupal 9.3.0-beta3
#3251000 by alexpott, andypost: Update dependencies for 9.1.x/9.2.x/9.3.x/9.4.x
#3032275 by alexpott, dww, bendeguz.csirmaz, tedbow: Create a fault-tolerant method for interacting with links and fields in Javascript tests
#3061074 by longwave, cilefen, chr.fritsch, acbramley, jungle, larowlan: egulias/EmailValidator prior to 2.1.22 allows addresses with a space in the domain part
#3250743 by alexpott, longwave: [PHP 8.1] NumberFieldTest fails
#3184619 by neclimdul, quietone: Fix unreachable logic in UrlGenerator::getRoute
#3247414 by anagomes, Beakerboy: Incorrect docblock types for $statementClass and $statementWrapperClass properties in Connection
#3250482 by quietone, daffie: The docblock of \Drupal\views\Plugin\views\cache\CachePluginBase::cacheSetMaxAge() is wrong
#3250587 by lauriii, bnjmnm: \Drupal\Tests\ckeditor5\FunctionalJavascript\CKEditor5Test::testEditorFileReferenceIntegration fails on PostgreSQL
#3250629 by paulocs, longwave: MockBuilder::setMethods is deprecated in PHPUnit8 and removed from PHPUnit10
#3138078 by mondrake, larowlan, longwave, xjm: [D9.3 beta - w/c Nov 8, 2021] Add a 'void' return typehint to custom assert* methods
#3171570 by kostyashupenko, mherchel: Remove Olivero's custom hard-coding of the image style within article content type's full view mode
#3231040 by alexpott, Anul, longwave, bbrala, catch: (revert) Remove DependencySerializationTrait from JSON API exceptions
#3250349 by alexpott: \Drupal\Core\Datetime\Element\Datelist::processDatelist() does not use trusted callbacks - #date_date_callbacks only partially converted to TrustedCallbackInterface in 9.3.x
#3250335 by alexpott, beatrizrodrigues, paulocs, longwave: #date_date_callbacks is broken in Drupal 9.3
#3221082 by Wim Leers, lauriii, bnjmnm: Build Drupal's CKEditor 5 plugins as part of core's `yarn build`
#3207567 by Spokje, quietone, guilhermevp, yogeshmpawar, daffie, alexpott: Fix Drupal.Commenting.FunctionComment.MissingParamComment
#3248014 by daffie, andypost: [Symfony 6] The Drupal\Tests\media\Kernel\OEmbedIframeControllerTest fails
Back to dev.
Release type: Bug fixesNew features

软件描述

Drupal是使用PHP语言编写的开源内容管理框架(CMF),它由内容管理系统(CMS)和PHP开发框架(Framework)共同构成。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入