Newsfeed-Generator

Beginn:  2025-01-15 17:00 - 21:00 Europa/Berlin Organizers:  jcnventura baddysonja Event type:  Drupal 8 Release Party

Drupal CMS Launch Party @ 1xINTERNET office
Seelenberger Str. 2
60489 Frankfurt

2025.01.15 >=17:00

*** English version below ***

Die Drupal User Group Rhein-Main feiert einen Meilenstein der Webentwicklung: Den Launch von Drupal CMS!

»Drupal CMS« – das gibt es doch schon seit 25 Jahren? … Oder?
Nicht ganz! Drupal Core ist eigentlich ein Content-Management-Framework, das zwar auch als Grundlage für ein CMS dienen kann, aber im Kern sehr viel mehr bietet.

Das neue Drupal CMS (Projektname: Starshot) ist eine benutzerfreundliche, vorgefertigte Version von Drupal. Es punktet mit smarten Standardeinstellungen und einer intuitiven Benutzeroberfläche – ideal für schnelleres Site-Building und einen nahtlosen Einstieg. Im Gegensatz dazu ist Drupal Core die minimalistische, flexible Basisplattform, die Entwickler*innen maximale Anpassungsmöglichkeiten bietet, jedoch keine vorkonfigurierten Features oder Designs mitbringt.

Am 15. Januar 2025 ab 17:00 Uhr laden wir euch zu einem inspirierenden Abend ein, an dem Innovation, Networking und Austausch im Mittelpunkt stehen. Gemeinsam tauchen wir in die Erfolgsgeschichte eines der weltweit leistungsstärksten Content-Management-Systeme ein und feiern das neue Produkt.

Trefft Gleichgesinnte, teilt eure Erfahrungen und stoßt mit uns an auf eine Plattform, die die Art und Weise, wie wir das Web gestalten, revolutioniert hat. Dieser Abend bietet die perfekte Gelegenheit, Neues zu lernen, Ideen auszutauschen und Teil einer inspirierenden Community zu sein – oder zu werden.

Verpasst nicht diesen besonderen Moment in der Geschichte von Drupal.

Bitte melde Dich damit wir besser planen können.

The Drupal User Group Rhein-Main is celebrating a milestone in web development: The Launch of Drupal CMS!

»Drupal CMS« – isn't that around for like 25 years, is it?
Not quite! The well known Drupal core is more of a content management framework, which can serve as the base for a CMS, but at its heart has more to offer.

The new Drupal CMS (working title: Starshot) is a user-friendly, pre-configured version of Drupal. It stands out with smart defaults and an intuitive user interface - ideal for fast site building and a seamless start. Contrary, the Drupal Core is the minimalistic and flexible base platform that offers developers the full range of adaptability without pre-configured features.

On January 15th 2025 we invite you to an inspiring evening which centers around innovation, networking and exchange. Together we dive into the success story of one of the most powerful CMS and celebrate the new product.

Meet like-minded people, share your experiences and toast with us to a platform which revolutionised the way we design the web. This evening is the perfect opportunity to learn something new, exchange ideas, to be part of this wonderful community - or to become it.

Don't miss out on this special moment in history.

Please rsvp so we can plan ahead.

Beginn:  2025-01-15 18:30 - 20:30 Europa/Berlin Organizers:  martinalewis mlkstff rogerpfaff Event type:  User group meeting

https://www.drupal.org/community/events/drupal-cms-launch-party-munich-2...

*** English version below ***

Die Drupal User Group München feiert einen Meilenstein der Webentwicklung: Den Launch von Drupal CMS!

»Drupal CMS« – das gibt es doch schon seit 25 Jahren? … Oder?
Nicht ganz! Drupal Core ist eigentlich ein Content-Management-Framework, das zwar auch als Grundlage für ein CMS dienen kann, aber im Kern sehr viel mehr bietet.

Das neue Drupal CMS (Projektname: Starshot) ist eine benutzerfreundliche, vorgefertigte Version von Drupal. Es punktet mit smarten Standardeinstellungen und einer intuitiven Benutzeroberfläche – ideal für schnelleres Site-Building und einen nahtlosen Einstieg. Im Gegensatz dazu ist Drupal Core die minimalistische, flexible Basisplattform, die Entwickler*innen maximale Anpassungsmöglichkeiten bietet, jedoch keine vorkonfigurierten Features oder Designs mitbringt.

Am 15. Januar 2025 ab 18:00 Uhr laden wir euch zu einem inspirierenden Abend ein, an dem Innovation, Networking und Austausch im Mittelpunkt stehen. Gemeinsam tauchen wir in die Erfolgsgeschichte eines der weltweit leistungsstärksten Content-Management-Systeme ein und feiern das neue Produkt.

Trefft Gleichgesinnte, teilt eure Erfahrungen und stoßt mit uns an auf eine Plattform, die die Art und Weise, wie wir das Web gestalten, revolutioniert hat. Dieser Abend bietet die perfekte Gelegenheit, Neues zu lernen, Ideen auszutauschen und Teil einer inspirierenden Community zu sein – oder zu werden.

Verpasst nicht diesen besonderen Moment in der Geschichte von Drupal.

Bitte melde Dich über LinkedIn oder Meetup an, damit wir besser planen können.
https://www.meetup.com/munchen-drupal-user-group-meetup/events/305146338

The Drupal User Group Munich is celebrating a milestone in web development: The Launch of Drupal CMS!

»Drupal CMS« – isn't that around for like 25 years, is it?
Not quite! The well known Drupal core is more of a content management framework, which can serve as the base for a CMS, but at its heart has more to offer.

The new Drupal CMS (working title: Starshot) is a user-friendly, pre-configured version of Drupal. It stands out with smart defaults and an intuitive user interface - ideal for fast site building and a seamless start. Contrary, the Drupal Core is the minimalistic and flexible base platform that offers developers the full range of adaptability without pre-configured features.

On January 15th 2025 we invite you to an inspiring evening which centers around innovation, networking and exchange. Together we dive into the success story of one of the most powerful CMS and celebrate the new product.

Meet like-minded people, share your experiences and toast with us to a platform which revolutionised the way we design the web. This evening is the perfect opportunity to learn something new, exchange ideas, to be part of this wonderful community - or to become it.

Don't miss out on this special moment in history.

Please rsvp at the meetup link so we can plan ahead.
https://www.meetup.com/munchen-drupal-user-group-meetup/events/305146338

Project: Open SocialDate: 2024-December-11Security risk: Moderately critical 12 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: >=11.8.0 <12.3.10 || >=12.4.0 <12.4.9Description: 

Open Social is a Drupal distribution for online communities, which ships with a default (optional) module social_file_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem.

For installations of Open Social prior to version 11.8.0, after updating to 11.8.0 or higher, newly uploaded files were no longer stored in the private file system as intended. Instead, they were stored in the public file system.

Solution: 

Install the latest version and make sure to run the update hooks.

• If you use Open Social 12.3.x upgrade to Open Social 12.3.10
• If you use Open Social 12.4.x upgrade to Open Social 12.4.9

Note: If some files were uploaded during that time and became unused, the update hook cannot move them. These files will require manual cleanup. Read the module release notes linked above for advice on how to handle that situation.

Reported By: 

• corn696

Fixed By: 

• corn696
• Robert Ragas

Coordinated By: 

• Greg Knaddison of the Drupal Security Team

Project: Allow All File Extensions for file fieldsDate: 2024-December-11Security risk: Critical 18 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:AllVulnerability: UnsupportedAffected versions: *Description: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Project: Git Utilities for DrupalDate: 2024-December-11Security risk: Critical 17 ∕ 25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: UnsupportedAffected versions: *Description: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Start:  2024-12-12 18:00 - 21:00 UTC Event type:  User group meeting

https://www.meetup.com/drupal-switzerland/events/304454733

Join us on December 12 for the in-person Drupal Meetup at the Liip office in Zurich. Afterwards, we will go out to a Christmas market nearby for some drinks.

Doors open at 18:00, and presentations will start around 18:30. There will be time to network and exchange before, between, and after the talks.

Optionally, you can join the general assembly starting at 17:00
https://www.meetup.com/drupal-switzerland/events/304454746

The Drupal Meetup is dedicated to people interested in the Content Management System & Framework: Drupal.

We welcome everyone, from beginners to Drupal experts and people who just want to find out what Drupal is all about.

Come for the code, and stay for the community!

AGENDA

• The new web platform of "Museum für Gestaltung" - Challenges, Lessons learned and Opportunities for Digital presences of Cultural Institutions (Jon Minder, Josef Kruckenberg - Liip)
• Holcim Foundation Awards Platform - Case Study (Daniel Lemon - Amazee Labs)

LOCATION

Liip AG
Limmatstrasse 183
8005 Zürich
https://goo.gl/maps/PrC5VMGewo5jyQ4p9

Project: Login DisableDate: 2024-December-11Security risk: Critical 16 ∕ 25 AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: >=2.0.0 <2.1.1Description: 

This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page.

The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to by-pass the protection offered by the module.

This vulnerability is mitigated by the fact that an attacker must already have a user account to log in. This bug therefore allows users to log in even if their login is disabled.

Solution: 

Install the latest version:

• If you use the Login Disable module for Drupal 9.x / 10.x, upgrade to Login Disable 2.1.1

The Drupal 7 version of the module is not affected.

Reported By: 

• e5sego

Fixed By: 

• e5sego
• Sang Lostrie

Coordinated By: 

• Ivo Van Geertruyen of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team
• Benji Fisher of the Drupal Security Team

Project: Browser Back ButtonDate: 2024-December-11Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingAffected versions: >=1.0.0 <2.0.2Description: 

This module provides a block that renders a link providing the functionality of a browser's back button.

The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".

Solution: 

Install the latest version:

• If you use the Browser Back Button module for Drupal 9.x/10.x, upgrade to Browser Back Button 2.0.2

Reported By: 

• Patrick Fey

Fixed By: 

• Elavarasan R

Coordinated By: 

• Ivo Van Geertruyen of the Drupal Security Team

Project: Entity Form StepsDate: 2024-December-04Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingAffected versions: <1.1.4Description: 

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins.

The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code.

This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer [entity_type] form display' permission allowing access to configure entity form displays.

Solution: 

Install the latest version:

• If you use the Entity Form Steps module for Drupal 9.x/10.x, upgrade to Entity Form Steps 1.1.4

Reported By: 

• Ide Braakman

Fixed By: 

• Rob

Coordinated By: 

• Ivo Van Geertruyen of the Drupal Security Team

Project: Minify JSDate: 2024-December-04Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross site request forgeryAffected versions: <3.0.3Description: 

The Minify JS module allows a site administrator to minify all javascript files that exist in the site's code base and use those minified files on the front end of the website.

Several administrator routes are unprotected against Cross-Site Request Forgery (CRSF) attacks.

Solution: 

Install the latest version:

• If you use the Minify JS module for Drupal 7.x, upgrade to Minify JS 7.x-1.11
• If you use the Minify JS module for Drupal 8.x, upgrade to Minify JS 3.0.3

Reported By: 

• Pierre Rudloff

Fixed By: 

• Ivo Van Geertruyen of the Drupal Security Team
• Scott Joudry

Coordinated By: 

• Ivo Van Geertruyen of the Drupal Security Team

Project: Download All FilesDate: 2024-December-04Security risk: Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Proof/TD:AllVulnerability: Access bypassAffected versions: <2.0.2Description: 

This module provides a field formatter for the field type 'file' called `Table of files with download all link` .

The module had vulnerabilities allowing a user to download files they normally should not be able to download.

Solution: 

Install the latest version:

• If you use the Download All Files module, upgrade to 2.0.2 version

Reported By: 

• Pierre Rudloff
• Jeroen Tubex

Fixed By: 

• Jeroen Tubex
• striknin
• Giuseppe

Coordinated By: 

• Greg Knaddison of the Drupal Security Team
• Damien McKenna of the Drupal Security Team
• Ivo Van Geertruyen of the Drupal Security Team

Project: Pages Restriction AccessDate: 2024-December-04Security risk: Critical 15 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: >=2.0.0 <2.0.3Description: 

Module to restrict access from anonymous and regular users to configured pre-defined pages.

The module does not adequately handle protecting certain types of URLs.

Solution: 

Install the latest version:

• If you use the Pages Restriction Access for Drupal 8.x or higher, upgrade to Pages Restriction Access for Drupal 2.0.3

Reported By: 

• Pierre Rudloff
• Ivo Van Geertruyen of the Drupal Security Team

Fixed By: 

• renatog
• Pierre Rudloff

Coordinated By: 

• Greg Knaddison of the Drupal Security Team
• Damien McKenna of the Drupal Security Team
• Juraj Nemec of the Drupal Security Team
• Ivo Van Geertruyen of the Drupal Security Team

Project: OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client)Date: 2024-December-04Security risk: Critical 16 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingAffected versions: >=3.0.0 <3.44.0 || >=4.0.0 <4.0.19Description: 

This module enables you to authenticate users through an Identity Provider (IdP) or OAuth Server, allowing them to log in to your Drupal site.

The module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is missing in the response.

Solution: 

Install the latest version:

• If you use the OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) module 8.x-3.x for Drupal 9 and Drupal 10, upgrade to miniorange_oauth_client 8.x-3.44 .
• If you use the OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) module 4.x for Drupal 9, Drupal 10 and Drupal 11, upgrade to miniorange_oauth_client 4.0.19.
• If you use the OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) module 7.x-1.x for Drupal 7, upgrade to miniorange_oauth_client 7.x-1.355.

Reported By: 

• Borut Piletic

Fixed By: 

• Borut Piletic
• singh_ankit
• Ivo Van Geertruyen of the Drupal Security Team

Coordinated By: 

• Greg Knaddison of the Drupal Security Team
• Damien McKenna of the Drupal Security Team

Project: Print AnythingDate: 2024-December-04Security risk: Critical 16 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: UnsupportedAffected versions: *Description: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Reported By: 

• Drew Webber of the Drupal Security Team

Project: Megamenu FrameworkDate: 2024-December-04Security risk: Critical 16 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: UnsupportedAffected versions: *Description: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Reported By: 

• Drew Webber of the Drupal Security Team

Project: Tarte au CitronDate: 2024-November-27Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingAffected versions: >=2.0.0 <2.0.5Description: 

This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron.

When Google Tag Manager (GTM) service is enabled, an attacker can load a GTM container that can completely change the page or insert malicious JS.

This vulnerability is mitigated by the fact that the attacker must have a role with the permission "administer tarte au citron".

Solution: 

Install the latest version and confirm only trusted roles have the "Administer Tarte au citron" permission.

• If you use the Tarte au citron module for Drupal 10.x, upgrade to Tarte au citron 2.0.5

Reported By: 

• Pierre Rudloff

Fixed By: 

• Kévin Le lostec

Coordinated By: 

• Greg Knaddison of the Drupal Security Team
• Juraj Nemec of the Drupal Security Team
• cilefen of the Drupal Security Team

Beginn:  2024-12-05 19:30 Europa/Berlin Organizers:  akoe leymannx odras stolzenhain Event type:  User group meeting

[EN version below]

Eines steht schon vor dem Drupal User Group-Treffen dieses Monats fest: Wenn ihr dieses Mal nach dem Meeting nach Hause kommt, müsst ihr eure Stiefel putzen, denn der Nikolaus bringt euch in dieser Nacht vielleicht Süßigkeiten nach Hause.

Feiern wir Weihnachten und lassen wir dieses Drupal Jahr bei einem schönen und gemütlichen Lean Coffee Lean Glühwein ausklingen. Das heißt: Wir bringen den Glühwein und wer mag, bringt ein paar Snacks mit und dann stimmen wir über die Themen ab, die uns am meisten interessieren.

Wenn es bereits ein Thema gibt, über das Du schon lange sprechen oder mehr erfahren wolltest, schreib einem von uns eine Direktnachricht auf Drupal Slack, damit wir vielleicht etwas auf die Beine stellen können, um sicherzustellen, dass es auf jeden Fall besprochen wird.

Wie immer findet ihr uns am ersten Donnerstag im Monat, diesen Monat ist das der 5. Dezember um 19:30, in der c-base (Rungestraße 20, 10179 Berlin).

Bis denne

Andreas (@akoe), Ariane (@odras), Florian (@stolzenhain) und Norman (@leymannx)

One thing's for sure already, even before this month's Drupal User Group meeting: When you come home this time from the meeting, you need to clean your boots because St. Nicholas might leave some sweets for you this night.

Let's celebrate Christmas time and wrap up this year of Drupal with a nice and cozy Lean Coffee Lean Gluhwein. That means: We bring some Gluhwein and you are invited to bring some snacks and we spontaneously decide what we want to talk about that evening.

If there's already one topic you wanted to talk or learn about for a long time, write one of us a direct message on Drupal Slack so we might be able to set something up to ensure to have that topic covered by any means.

As always you'll find us on the first Thursday a month, this month that's Dec. 5th at 19:30, at the c-base (Rungestraße 20, 10179 Berlin).

See you around

Andreas (@akoe), Ariane (@odras), Florian (@stolzenhain) and Norman (@leymannx)

Project: EloquaDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionDescription: 

This module integrates webforms with eloqua, an automated marketing and demand generation software built to improve the quality and quantity of customers' sales leads and streamline their sales processes.

In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize() function, which could result in Remote Code Execution via PHP Object Injection.

This vulnerability is mitigated by the fact that an attack must operate with the permission "access administration pages", however this could be the case if this issue were combined with others in an "attack chain".

Solution: 

Install the latest version:

• If you use the Eloqua module for Drupal 7.x, upgrade to Eloqua 7.x-1.15

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Albert Volkman

Coordinated By: 

• Greg Knaddison of the Drupal Security Team

Project: MailjetDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionAffected versions: <4.0.1Description: 

This module for Drupal provides complete control of Email settings with Drupal and Mailjet.

In certain cases the module doesn't securely pass data to PHP's unserialize() function, which could result in Remote Code Execution via PHP Object Injection.

This vulnerability is mitigated by the fact that an attack must operate with the permission "administer mailjet module", however this could be the case if this issue were combined with others in an "attack chain".

Solution: 

Install the latest version:

• Upgrade to Mailjet 4.0.1
• For Drupal 7.x, upgrade to Mailjet 7.x-2.23

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Bohdan Artemchuk

Coordinated By: 

• Drew Webber of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >=7.0 < 7.102 || >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9CVE IDs: CVE-2024-55638Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

Solution: 

Install the latest version:

• If you are using Drupal 7, update to Drupal 7.102.
• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Fabian Franz
• Juraj Nemec of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Alex Pott of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team