storage_api 7.x-1.6

Install

Works with Drupal: 7.x

Using Composer to manage Drupal site dependencies

Downloads

Download tar.gz 50.27 KB

MD5: d2b4dddd5ff00b20997b3baafc0f074e

SHA-1: 6250a7dc66ef8e39bb669e821e6ec36010e54652

SHA-256: 38a0e6e32581368bb40f2ff1354c1592e418d7619fe00b84525ffd8fa412fd32

Download zip 66.5 KB

MD5: 68be922faa922d05d97a725dc3379abf

SHA-1: 885d89d2d2b8f3af99776767c877e68a1d733539

SHA-256: 70728bc8f8fbb3adf92c0f4135b40abba46c38e5997f74a64bb2e77e883ef665

Release notes

This is a security release, see SA-CONTRIB-2014-074

The module creates an .htaccess file in the files directory to prevent code execution, but copied the Drupal core file and wasn't updated to include the improved file contents after SA-CORE-2013-003.

This vulnerability is mitigated by the fact that it only relates to a defense in depth mechanism, and sites would only be vulnerable if they are hosted on a server which contains code that does not use protections similar to those found in Drupal's file API to manage uploads in a safe manner.

Versions affected:
Storage API 7.x-1.x versions prior to 7.x-1.6.

Created by: Andre-B
Created on: 30 Jul 2014 at 16:18 UTC
Last updated: 2 Aug 2018 at 04:56 UTC

7.x-1.6

Security update

Insecure

Unsupported

Other releases

View usage statistics for this release

storage_api 7.x-1.6

Install

Downloads

Release notes

Other releases

News items

Our community

Documentation

Drupal code base

Governance of community