Drupal官网安全更新（2023-11-01）

drupal 10.1.6

This is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10.<br/><br/>Drupal 10.1.x will receive security coverage until June 2024.<br/>Important update information<br/>If you are updating from Drupal 9, refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites. Then, upgrade from Drupal 9 to 10. You should also check the Drupal 10.0.0 release notes.<br/>All changes in this release<br/><br/>Issue #3391702 by pdureau, smustgrave, e0ipso: SDC ComponentElement: Transform slots scalar values to #plain_text instead of throwing an exception<br/>Issue #3040673 by bnjmnm, Gauravvvv, smustgrave, andrewmacpherson, mgifford, shaal: Audit &amp;amp; fix Red asterisk for required fields WCAG contrast minimum<br/>Issue #3305807 by andypost, ChrisPerko, mediabounds, xjm, sorlov, Rishabh Vishwakarma, ilya.no, asad_ahmed, paulocs, Michelle, _pratik_, reenaraghavan, DanChadwick, smustgrave, larowlan, allisonherodevs: Password is null if user has never logged in which causes PHP 8 warning<br/>Issue #3395748 by KarimB, joachim: getSetting()&#39;s documentation should specify what happens when a setting doesn&#39;t exist<br/>Issue #3381877 by AdamPS, smustgrave, viren18febS: Wrong comment display for sites configuring base field display in the UI<br/>Issue #3396574 by Spokje: Exclude copying &#39;core/node_modules&#39; in getCodebaseFinder<br/>Issue #3396197 by alexpott, BramDriesen, borisson_: Config saved during import does not have correct initial values set<br/>Issue #2815829 by godotislate, tim.plunkett, smustgrave, alexpott, xjm, bircher, paulocs: Adding or editing a block through the UI saves the entity twice<br/>Issue #3395692 by _utsavsharma, Chi: Decoupled menus test module declares their dependencies in wrong way<br/>Issue #3331059 by quietone, Wongjn, ameymudras, smustgrave, xjm, alexpott, larowlan: Properly check for block content type in BlockPluginId process plugin<br/>Issue #3274419 by Marios Anagnostopoulos, Shubham Chandra, ravi.shankar, Alex Bukach, alexpott, smustgrave: Make BaseFieldOverride inherit internal property from the base field<br/>Issue #3395431 by acbramley, smustgrave, larowlan: BlockContent JSON:API collection endpoint doesn&#39;t return unpublished block when filtered without administer block content permission<br/>Issue #3392485 by Spokje: Security update postcss (CVE-2023-44270)<br/>Issue #3390969 by quietone, Shyam_Bhatt, smustgrave: Cleanup cspell directives<br/>Issue #3390903 by sakthi_dev, dpi, smustgrave: \Drupal\Core\Queue\QueueInterface::createItem is typehinted as possibly returning bool, but never returns true<br/>Issue #3394450 by larowlan: Improve the failure message from Drupal\KernelTests\Core\DependencyInjection\AutowireTest<br/>Issue #3394220 by claudiu.cristea, catch: Dialog options are not honoured when open a dialog using GET<br/>Issue #3393072 by znerol: Ensure Unit tests in phpass run and remove unneeded LegacyPasswordHashingTest::testInvalidArguments<br/>Issue #3394137 by smustgrave, acbramley: EntityListBuilder should return URL object vs mock<br/>Issue #3387988 by quietone, atul4drupal: Fix @return type, simple fixes<br/>Issue #3388204 by quietone, atul4drupal, xjm: Fix return type in \Drupal\Tests\rest\Functional\ResourceTestBase::recursiveKSort()<br/>Issue #3387950 by quietone, ashley_herodev, smustgrave, xjm: Fix &#39;@return null&#39; return types<br/>Issue #3375843 by lussoluca, e0ipso, smustgrave, DieterHolvoet: Allow other Twig node visitors to modify &#39;display_start&#39; and &#39;display_end&#39;<br/>Issue #3392739 followup by fjgarlin, longwave, catch: _TARGET_DB_TYPE does not exist<br/>Issue #2916306 by TR, quietone, pfrenssen: Use &#34;@return&#34; instead of &#34;@returns&#34;<br/>Issue #3387039 by dinazaur, smustgrave, fjgarlin, nod_: Large placeholders are not processed<br/>Issue #3376927 by catch, lauriii, longwave: Remove even more of the aggregate stale file threshold and state entry<br/>Issue #3351600 by andrew.farquharson, Ranjit1032002, Anybody, sanduhrs, gmateos, smustgrave, Wim Leers, ant1, catch: ckeditor5.dialog.fix.js throws &#34;Uncaught TypeError: event.target.classList is undefined&#34; in Firefox in Drupal 10 with the editor in a modal<br/>Issue #2828706 by smustgrave, Chi, saidatom, dagmar, dawehner, mfb, catch, larowlan, longwave, joshua1234511, Berdir, quietone, FeyP, slip, samiullah, johnwebdev, Primsi, ravi.shankar: ExceptionLoggingSubscriber should not log HTTP 4XX errors using PHP logger channel<br/>Issue #3392739 by fjgarlin: _TARGET_DB_TYPE does not exist<br/>Issue #2032967 by catch, joelpittet, thedavidmeister, alansaviolobo: AssetResolver::getCssAssets() should not try to sort and optimise if $css is empty<br/>Issue #3391991 by Spokje, longwave, greggles: Security update composer/composer (CVE-2023-43655)<br/>Issue #3391137 by poker10: Change references to README.txt in root directory<br/>Back to dev.<br/>Release type:&amp;nbsp;Bug fixes

Drupal是使用PHP语言编写的开源内容管理框架（CMF），它由内容管理系统（CMS）和PHP开发框架（Framework）共同构成。

<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44270">CVE-2023-44270</a></p><p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43655">CVE-2023-43655</a></p>

暂无

暂无

https://www.drupal.org/project/drupal/releases/10.1.6