pcavejr

Team bandwidth aside, that’s still not super helpful. We’ve already done the diff and there are 247 changes between 5.6 and 5.6.8. I need to know which of these tickets addresses the security issue. I’m used to working in a project where issues/tickets related to security are clearly marked as such. Thanks.

https://core.trac.www.ads-software.com/query?milestone=5.7.1&group=component&col=id&col=summary&col=milestone&col=owner&col=type&col=status&col=priority&order=priority

Hello again. Just wondering if anyone could help me locate the changes specific to the security issues that were fixed in 5.7.1. The team managing the site doesn’t have the bandwidth to handle a 5.6.8 upgrade at this time either. However they should be able to deal with patching those 2 specific issues as a stopgap until a full upgrade can be achieved.

* XXE vulnerability within the media library affecting PHP 8.
* Data exposure vulnerability within the REST API.

Thanks,
Phillip

I’m not 100% certain, I’m just trying to assist another project team. Sounds like they have some custom modules (I’m a Drupal guy) that might need to be adjusted to work with the upgraded version.

Thanks Steve. The site I’m working with is 5.6 and can’t be upgraded just yet, so I’m looking to try and patch as a short term solution.

I can’t tell which tickets in the release are related to the security issues so I can get the change sets. I understand they may not apply to 5.6, in that case we’ll manually apply the changes.