1.16.0 Release

Drupal Core update

• from 8.9.13 to 8.9.14

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

See: https://www.drupal.org/sa-core-2021-002

Comments

It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution.

Deployment is scheduled from 28 April 2021 and will be conducted throughout the daytime and into the evening. No outages are expected to websites during the deployment process.

The GovCMS D8 distribution will continue to be supported after this update.

Modules deprecated/removed

• n/a

More information

If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/ for information on updates to the GovCMS platform

1.15.0 Release

Modules update

• Mailsystem from 8.x-4.1 to 8.x-4.3
• Redirect from 8.x-1.3 to 8.x-1.6
• Search_API from 8.x-1.6 to 8.x-1.19
• Search_API_attachments from 8.x-1.0-beta16 to 8.x-1.0-beta17
• Search_API_Solr from 8.x-3.9 to 8.x-4.1.11
• Webform from 8.x-5.13 to 8.x-5.25

Comments

It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution. Subsequently the security risk was downgraded to moderately critical.

Deployment is scheduled on 31 March 2021 and will be conducted throughout the daytime and into the evening. No outages are expected to websites during the deployment process.

The GovCMS D8 distribution will continue to be supported after this update.

Modules deprecated/removed

• n/a

Important reminder for projects with configuration management enabled

Do not import any out of date configurations of these modules. This will cause fatal errors to your websites. Once the deployment is completed you will need to export the new configurations files and commit them back to master. Deployments to all websites should be completed by 6am Thursday 1 April 2021, you can confirm this at https://status.govcms.support/.

More information

If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/ for information on updates to the GovCMS platform

1.14.0 Release

Drupal Core update

• from 8.9.11 to 8.9.13

The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:CVE-2020-36193

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. See: https://www.drupal.org/sa-core-2021-001

Modules update

• captcha from 8.x-1.0-beta1 to 8.x-1.1
• components from 8.x-2.0-beta3 to 8.x2.2
• encrypt from 8.x-3.0-rc2 to 8.x-3.0
• galogin from 8.x-1.0-alpha4 to 1.0-alpha6
• inline entity form from 8.x-1.0-rc7 - to 8.x-1.0-rc8
• linkit from 8.x-5.0-beta9 to 8.x-6.0-beta12
• media_entity_file_replace from 8.x1.0-beta2 to 8.x-1.0-beta3
• page_manager from 8.x-4.0-beta4 to 8.x-4.0-beta6
• swiftmailer from 8.x-2.0-beta1 to 8.x-2.0
• two_factor_authentication from 8.x-1.0-alpha4 to 8.x-1.0-alpha7
• username_numeration-prevention from 8.x-1.0-beta2 to 8.x-1.1

Comments

It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution. Subsequently the security risk was downgraded to moderately critical.

Deployment is scheduled from 24 February 2021. No outages are expected to websites during the deployment process.

The GovCMS D8 distribution will continue to be supported after this update.

More information

If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/

1.13.0 Release

Drupal core updated:

From 8.9.9 to 8.9.11

Module updated (1):

• login_security from 1.5 to 2.0

Bug fixed (1):

• Context module - Error: Call to a member function getCacheTags

1.12.0 Release

Drupal core update:

From 8.9.7 to 8.9.9

Bug fixed (1):

• Context module (Error: Call to a member function getCacheTags)

1.11.0 Release

PHP version update

From 7.3 to 7.4

Drupal core update

8.9.7

Modules updated (12)

1. components 2.0-beta3
2. config_update 1.7
3. consumers 1.11
4. context 8.x-4.0-beta5
5. ctools 8.x-3.4
6. devel 4.0.1
7. dynamic_entity_reference 1.10
8. entity_embed 1.1
9. govcms_dlm 8.x-1.4
10. honeypot 2.0.1
11. seckit 2.0
12. Swiftmailer 8.x-2.0-beta1

Bug fixed (1)

1. Undefined index: include_images in FormHelper.php

1.10.0 Release

Modules updated (10)

1. Chosen 2.9.0
2. Diff 8.x-1.0
3. Display Suite 8.x-3.9
4. Entity Browser 8.x-2.5
5. Entity Reference Revisions 8.x-1.8
6. Environment Indicator 4.0.0
7. Inline Entity Form 8.x-1.0-rc7
8. Linked Field 8.x-1.3
9. Scheduled Transitions 2.0.0
10. Simple Sitemap 3.7

New module (1)

1. Big menu 2.0.0-rc1

1.9.0 Release

Drupal core update:

Drupal 8.9.6

1.8.0 Release

Drupal core updated:

Drupal 8.9.3

Modules updated (4):

• key 1.14
• menu_block 1.6
• real_aes 2.3
• shield 1.4

New feature (1):

• Allow themes to alter widgets (per drupal 7)

1.7.0 Release

Drupal core updated:

Drupal 8.9.2

Bugs fixed (1):

• Menu link changes are causing an error with Scheduled Transition module is enabled

Modules updated (5):

• admin_toolbar to 2.3.0
• adminimal_admin_toolbar to 1.11
• focal_point to 1.4
• pathauto to 1.8
• robotstxt to 1.4

New features (1):

• TFA email method