Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
clientside_validation_jquery/clientside_validation_jquery.libraries.yml file has "execute" permission and checkouts with permissions -rwxr-xr-x (755).
I believe it should not have "execute" permission and should checkout with permissions -rw-r--r-- (644).
Comment | File | Size | Author |
---|---|---|---|
#2 | clientside_validation-file-execute-permission-3073528-2-D8.patch | 191 bytes | asvira |
|
Comments
Comment #2
asvira CreditAttribution: asvira at DrupalSquad commentedComment #4
nikunjkotechaThanks @asvira for reporting and the patch.
Just curious, is there any issue with this permission? Any doc or reference you went through to find this as a vulnerability or issue?
Comment #5
asvira CreditAttribution: asvira at DrupalSquad commented@nikunjkotecha, I don't think there is any real issue, except that human commits the file as non-executable (just because it should be so) and then composer makes file executable (when installing/updating/patching) and it produces additional line about modified file in git status (which requires attention each time).