Drupal官网安全更新（2023-10-04） | KnowSafe漏洞情报平台

基本信息

发布日期2023-10-04
感知时间2023-10-04
漏洞类型安全更新
风险等级未知
更新版本10.1.5
情报贡献TSRC

更新标题

drupal 10.1.5

更新详情

This is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10. Drupal 10.1.x will receive security coverage until June 2024. Important update information If you are updating from Drupal 9, refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites. Then, upgrade from Drupal 9 to 10. You should also check the Drupal 10.0.0 release notes. Important changes in this release ESLint now allows ES11/ECMAScript 2020 syntax to be used in JavaScript as it is supported by all modern browsers. This affects any code or applications using Drupal core's eslint configuration, as well as the core commit check script. All changes in this release Issue #3390658 by longwave, bbrala: GitLab should retry jobs that fail outside test failures Issue #3391114 by poker10: Remove variables export from test-only job Issue #2031223 by acbramley, Spokje, Berdir, ravi.shankar, smustgrave, larowlan, mondrake, a_c_m: Add linkByHrefExistsExact and linkByHrefNotExistsExact for matching links by href exactly Issue #2894449 by benjy, alexpott, _utsavsharma, B-Prod, benjifisher: Indirect modification of overloaded element with Views responsive table Issue #3384759 by DieterHolvoet, xjm: Return type of NodeInterface::getTitle() should be nullable Issue #3389286 by quietone: Fix spelling of words only misspelled in tests, part 2 Issue #3385620 by fjgarlin, andypost: [GitlabCI] SQLite currently not working Issue #3387772 by Spokje: [random test failure] Random failure in ThrobberTest::testProgressThrobberPosition Issue #3390380 by Spokje: Security update get-func-name (CVE-2023-43646) Issue #3386566 by larowlan, fjgarlin, smustgrave, catch: Add support for 'test only' changes to gitlab CI Issue #3312072 by fjgarlin, penyaskito, markconroy, lauriii, smustgrave, ckrina, Spokje: Display category-related recipes when seeing a recipe full page Issue #3356684 by sumit_saini, acbramley, smustgrave: Generic Revision UI's Revision overview page generates wrong operations/view links for a translation Issue #3362386 by JeroenT, Wim Leers, smustgrave: CKEditor 5 should respect Issue #3375497 by Yujiman85, xjm, joachim: Unclear term 'internal library name' in theme API documentation Issue #3275828 by joachim, quietone, bradjones1, Berdir: document the reason for 'edit' vs. 'update' operations in field and entity access operation name Issue #3386458 by catch, quietone, larowlan, alexpott: Add GenericModuleTestBase and use it to test general module things Issue #3389323 by benjifisher, smustgrave, xjm: Incomplete examples in API docs for the download process plugin Issue #3388365 by catch, larowlan, bbrala, smustgrave: Distribute @group #slow tests between test runners and mark more tests Issue #3329066 by dabblela, quietone, joseph.olstad, smustgrave, catch, JnLuC21, Spokje: Creating a new translation may delete translations with drafts Issue #3381557 by nmangold, lauriii, Wim Leers, joshuami: [DrupalMedia] Formatting lost when attempting to edit media within a list item in CKEditor 5 Issue #3375592 by catch, longwave: [random test failure] Random failure in MigrateBlockContentTranslationTest Issue #3388375 by catch: Run nightwatch tests in parallel Issue #3387706 by catch, fjgarlin: Don't make other tests depend on PHPUnit Issue #3388309 by catch: Only run one postgres version on commit Issue #3387732 by andypost: Add postgresql 15/16 to testing matrix Issue #3387827 by quietone: Fix change record link added in #3231341 Issue #3384725 by acbramley, smustgrave: Add pagination to VersionHistoryController Issue #3378091 by acbramley, lauriii, Gauravvvv: Disabled primary button in views area has grey text on blue background (bad contrast) Issue #3180588 by GuyPaddock, zeeshan_khan, vsujeetkumar, bnjmnm, tstoeckler: "Enforced" Dependencies of Optional Configs Overwrite Other Dependencies Issue #3388049 by catch: Parent jobs are missing interruptible Issue #3386479 by catch, alexpott: Copy less files around in ComponentsIsolatedBuildTest Issue #2706241 by mglaman, Spokje, Chi, DamienMcKenna, JeroenT, ankithashetty, lslinnet, george.karaivanov, Rade, rteijeiro, nplowman, Wim Leers: AccessAwareRouter does not respect HTTP method Issue #3387916 by fjgarlin, Spokje: Each GitLab job exposes user email Issue #3387503 by bbrala: Move Gitlab linting steps to main job Issue #3387400 by andypost, longwave, catch: GitlabCI should fetch less from git Issue #3387589 by catch: Set GitlabCI matrix for Drupal 10.1 to use PHP 8.1 and MySQL 5.7 by default Issue #3387055 by longwave, andypost, fjgarlin: Configure GitLabCI matrix testing Issue #315302 by mstrelan, tacituseu, PaulMagrath, coltrane, yched, DamienMcKenna, quietone: Node Access Rebuild never finishes (infinite loop) Issue #3382447 by gapple, acbramley, nod_, catch: Libraries using jquery_ui assets directly shouldn't duplicate files Issue #3386707 by alexpott, mondrake, longwave: DiffOpOutputBuilder does not correctly match the 10.0.x implementation and produces unexpected output (part 2) Issue #3386233 by yash.rode, cmlara: Returntype incorrect for UnitTestCase::getConfigFactoryStub() Issue #3386937 by Spokje, smustgrave: Remove error suppressions and workarounds for https://bugs.php.net/bug.php?id=50688 Issue #3327118 by Defcon0, acbramley, iSampo, poker10, Nitin shrivastava, catch, fgm, longwave: Chunk multiple cache sets into groups of 100 to avoid OOM/max_allowed_packet issues Issue #3386680 by longwave, fjgarlin: Run jobs on GitLab CI branch tests Issue #3386680 by longwave, fjgarlin: Run jobs on GitLab CI branch tests Issue #3386076 by fjgarlin, catch, longwave, larowlan, mstrelan, el7cosmos, RoSk0, xurizaemon, poker10, alexpott, bbrala, nick_schuch: GitLab CI integration for core Issue #3375494 by Yujiman85, joachim, smustgrave: incorrect sample code in docs for hook_library_info_build Issue #3187314 by Pooja Ganjage, nlisgo, mondrake, longwave: Move BrowserTestBaseTest tests checking WebAssert methods to WebAssertTest Issue #3173103 by TolstoyDotCom, aludescher, smustgrave, J., jonathan1055, TR: False positives when identifying what is a placeholder, for deprecation error Issue #3380624 by danflanagan8, lauriii, ioannis.cherouvim: Toolbar username lazy builder only XSS filters but doesn't escape user display name - stored remote request Issue #3335653 by mherchel, Spokje: commit-code-check.sh doesn't allow optional chaining in JavaScript Issue #3386607 by alexpott: Improve spell checking in commit-code-check.sh Issue #3212579 by quietone, Spokje: Spell check all files if dictionary.txt changes Issue #3386602 by alexpott: Remove incorrect spellings from the dictionary that are no longer in the codebase Issue #3386482 by alexpott, mondrake: DiffOpOutputBuilder does not correctly match the 10.0.x implementation and produces unexpected output Issue #3152561 by lexbritvin, tim.plunkett, EricRondo, TwiiK: Layout Builder jumps to top when removing section/block Issue #3383888 by poker10: Drupal.t() does not respect locale_custom_strings Issue #3291587 by joseph.olstad, lauriii, longwave: Regression fix for (if feasible) uses of the jQuery trim function to use vanillaJS Issue #3326130 by quietone: Add an example to Drupal\migrate\Plugin\migrate\process\SkipOnEmpty doc block Issue #3384436 by smustgrave, quietone, Spokje: Remove redefintion of t() from update-countries.sh Issue #3379522 by finnsky, Gauravvvv, kostyashupenko, smustgrave, Chi: Revert broken flexbox after Branding component creation Issue #3384679 by Gauravvvv, kostyashupenko, neclimdul, PickyOrder, mgifford: aria-current is giving an invalid value Issue #3380107 by acbramley: optionExists throws exception with incorrect type if option doesn't exist Release type:&nbsp;Bug fixes

软件描述

Drupal是使用PHP语言编写的开源内容管理框架（CMF），它由内容管理系统（CMS）和PHP开发框架（Framework）共同构成。

CVE编号

Knowsafe分析

暂无

业界资讯

暂无

来源链接

https://www.drupal.org/project/drupal/releases/10.1.5