Security Advisory

Composer 2.9 is now available, featuring automatic security blocking, CLI repository tools, lock file conflict recovery, and several performance boosts. The update enhances package safety and simplifies workflows for PHP developers. ...more

Jess (xjm) details the handling of “Anemone,” a Drupal core XSS vulnerability fixed in SA-CORE-2025-004. Learn how the Security Team balanced ecosystem impact, sanitized APIs, and coordinated with contrib maintainers. ...more

Drupal issues a security advisory for the Image Sizes module, prompting users to upgrade to version 3.0.2 due to a moderately critical access bypass vulnerability. ...more

Drupal has released a security advisory for the Migrate queue importer module, urging users to upgrade to version 2.1.1 to address a moderately critical CSRF vulnerability. ...more

Drupal has issued a security advisory for the REST & JSON API Authentication module, urging users to upgrade to version 2.0.13 to address a moderately critical access bypass vulnerability. ...more

Mingsong Hu identifies and helps patch a moderately critical CSRF vulnerability in Drupal Symfony Mailer Lite, emphasizing the importance of timely updates for enhanced security. ...more

Drupal Security Team addresses a moderately critical vulnerability in the Coffee module, urging prompt updates for Drupal 10 administrators. ...more

Node Access Rebuild Progressive module faces a security risk with an access bypass vulnerability in versions prior to 2.0.2, prompting immediate updates for Drupal site administrators. ...more

Security alert: CKEditor 4 LTS module for Drupal flagged with a moderately critical Cross Site Scripting vulnerability. ...more

Drupal Core addresses a moderately critical denial of service vulnerability in the Comment module, urging users to update promptly for enhanced security. ...more

Uncover the secrets of Drupal troubleshooting with Bobcares! If Drupal_bootstrap is acting up, this simple guide has the tips you need. Smooth out your Drupal experience effortlessly. ...more

Attention Drupal users! A recent security advisory flags a moderately critical vulnerability in the Mollie for Drupal module. The flaw, related to payment confirmation logic, could expose users to potential exploitation. Discover the recommended updates and secure your online transactions. Read on for essential details on fortifying your Drupal installation against potential risks. ...more