Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
I can't work out what the security issue is that this release fixes. Can anyone explain what the fix was and what the consequence of not upgrading is? I couldn't understand from the release notes whether I needed to worry about this or not.
Thanks for any enlightenment!
Comments
Comment #1
sgabe CreditAttribution: sgabe commentedThe module allows processing of incoming messages by posting data to the
www.example.com/mimemail
path. If you have the Process incoming messages posted to this site option disabled (unchecked, which is the default) under the Advanced settings, an "Access denied" will be displayed by visiting this path on your site, so you are safe. Otherwise if you don't upgrade, an attacker may be able to post messages to your site. The consequence depends on how are you using this feature (what are you doing with the messages).Comment #2
sgabe CreditAttribution: sgabe commented