Drupal 9.3.6
18 February 2022
Drupal version 9.3.6 is now available (security release).
Upgrading to Drupal 9.3.6
Drupal 9.3.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 9.3.6 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 9.3.6
Security
- Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003 - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
- Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004 - The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.