Description
The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations.
Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.
The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
Edited to clarify the nature of the upstream release.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 packagist | | =8.0.0 || =8.0.1 || =8.0.2 || =8.0.3 || =8.0.4 || =8.0.5 || =8.0.6 || =8.1.0 || =8.1.0-beta1 || =8.1.0-beta2 || =8.1.0-rc1 || =8.1.1 || =8.1.10 || =8.1.2 || =8.1.3 || =8.1.4 || =8.1.5 || =8.1.6 || =8.1.7 || =8.1.8 || =8.1.9 || =8.2.0 || =8.2.0-beta1 || =8.2.0-beta2 || =8.2.0-beta3 || =8.2.0-rc1 || =8.2.0-rc2 || =8.2.1 || =8.2.2 || =8.2.3 || =8.2.4 || =8.2.5 || =8.2.6 || =8.2.7 || =8.2.8 || =8.3.0 || =8.3.0-alpha1 || =8.3.0-beta1 || =8.3.0-rc1 || =8.3.0-rc2 || =8.3.1 || =8.3.2 || =8.3.3 || =8.3.4 || =8.3.5 || =8.3.6 || =8.3.7 || =8.3.8 || =8.3.9 || =8.4.0 || =8.4.0-alpha1 || =8.4.0-beta1 || =8.4.0-rc1 || =8.4.0-rc2 || =8.4.1 || =8.4.2 || =8.4.3 || =8.4.4 || =8.4.5 || =8.4.6 || =8.4.7 || =8.4.8 || =8.5.0 || =8.5.0-alpha1 || =8.5.0-beta1 || =8.5.0-rc1 || =8.5.1 || =8.5.10 || =8.5.11 || =8.5.12 || =8.5.13 || =8.5.14 || =8.5.15 || =8.5.2 || =8.5.3 || =8.5.4 || =8.5.5 || =8.5.6 || =8.5.7 || =8.5.8 || =8.5.9 || =8.6.0 || =8.6.0-alpha1 || =8.6.0-beta1 || =8.6.0-beta2 || =8.6.0-rc1 || =8.6.1 || =8.6.10 || =8.6.11 || =8.6.12 || =8.6.13 || =8.6.14 || =8.6.15 || =8.6.16 || =8.6.17 || =8.6.18 || =8.6.2 || =8.6.3 || =8.6.4 || =8.6.5 || =8.6.6 || =8.6.7 || =8.6.8 || =8.6.9 || =8.7.0 || =8.7.0-alpha1 || =8.7.0-alpha2 || =8.7.0-beta1 || =8.7.0-beta2 || =8.7.0-rc1 || =8.7.1 || =8.7.10 || =8.7.2 || =8.7.3 || =8.7.4 || =8.7.5 || =8.7.6 || =8.7.7 || =8.7.8 || =8.7.9 || =8.8.0 || >=8.0.0 <8.7.11 || >=8.8.0 <8.8.1 | 8.7.11, 8.8.1 |
