Drupal 9.3.12
21 April 2022
Drupal version 9.3.12 is now available (security release).
Upgrading to Drupal 9.3.12
Drupal 9.3.12 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 9.3.12 upgrade prior to applying it live.
What's New in Drupal 9.3.12
Security
- Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008 - A vulnerability in Drupal core's form API can leave certain contributed or custom modules' forms open to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms.
- Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 - Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.