xsendfile 8.x-1.2

Security update

See Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053.

This release brings XsendfileImageStyleDownloadController and XsendfileFileDownloadController in line with core controllers.

This module replaces ImageStyleDownloadController and FileDownloadController with its own implementations. Versions of Xsendfile previous to this one (8.x-1.2) don't include the fix for SA-CORE-2023-005.

graphql 8.x-3.4

Security update

Security release of GraphQL fixing a CSRF vulnerability and an access bypass in entity label handling, see:

  1. GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2023-050
  2. GraphQL - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2023-051

We recommend the following additional security measures:

Pages

Subscribe with RSS Subscribe to RSS - Security update