Startseite
  • » Home
  • » Handbuch & FAQ
  • » Forum
  • » Übersetzungsserver
  • » Suche
Startseite › Newsfeed-Generator › Kategorien ›

Drupal Security

Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040

Drupal Contrib Security - 18 Mai, 2022 - 19:13
Project: Wingsuit - Storybook for UI PatternsVersion: 8.x-2.x-dev8.x-1.x-devDate: 2022-May-18Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: 

The Wingsuit module enables site builders to build UI Patterns (and|or) Twig Components with Storybook and use them without any mapping code in Drupal.

The module doesn't have an access check for the admin form allowing an attacker to view and modify the Wingsuit configuration.

Solution: 

Install the latest version:

  • If you use the wingsuit_companion 8.x-1.x module for Drupal 8.x, upgrade to Wingsuit 8.x-1.1
Reported By: 
  • Christian.wiedemann
Fixed By: 
  • Christian.wiedemann
Coordinated By: 
  • Greg Knaddison of the Drupal Security Team
Kategorien: Drupal Security

Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039

Drupal Contrib Security - 4 Mai, 2022 - 18:37
Project: Duo Two-Factor AuthenticationDate: 2022-May-04Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported.

Kategorien: Drupal Security

Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038

Drupal Contrib Security - 4 Mai, 2022 - 18:26
Project: Quick Node CloneDate: 2022-May-04Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:None/II:Some/E:Proof/TD:AllVulnerability: Access bypassDescription: 

The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities.

The module has a vulnerability which allows attackers to bypass the protection to clone any group content with an access check. Users are allowed to copy other group's nodes, and if they do that, the node gets added to groups they don't have access to.

This vulnerability is mitigated by the fact it only affects sites that also use the Groups contributed module.

Solution: 

Install the latest version:

  • If you use the Quick Node Clone module for Drupal 8.x, upgrade to Quick Node Clone 8.x-1.15
Reported By: 
  • Benjamin Rasmussen
Fixed By: 
  • Benjamin Rasmussen
  • Neslee Canil Pinto
Coordinated By: 
  • Greg Knaddison of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036

Drupal Contrib Security - 4 Mai, 2022 - 18:11
Project: Image Field CaptionVersion: 8.x-1.1Date: 2022-May-04Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: 

Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.

The module doesn't sanitize user input in certain cases, which leads to a Cross-Site-Scripting (XSS) vulnerability.

The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.

Solution: 

Install the latest version:

  • If you use the image_field_caption module for Drupal 9.x, upgrade to image_field_caption 8.x-1.2
Reported By: 
  • Patrick Fey
Fixed By: 
  • Patrick Fey
  • Tyler Struyk
Coordinated By: 
  • Greg Knaddison of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Doubleclick for Publishers (DFP) - Moderately critical - Cross site scripting - SA-CONTRIB-2022-035

Drupal Contrib Security - 4 Mai, 2022 - 18:06
Project: Doubleclick for Publishers (DFP)Date: 2022-May-04Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: 

Doubleclick for Publishers (DFP) module enables a site to place ads from Doubleclick For Publishers.

The module doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities may be able to exploit a Cross-Site-Scripting (XSS) vulnerability to target visitors of the site, including site admins with privileged access.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer DFP".

Solution: 

Install the latest version:

  • If you use the Doubleclick for Publishers module for Drupal 9.x, upgrade to DFP 8.x-1.2

Note that the Drupal 7 version of this module is unaffected.

Reported By: 
  • John Herreño
Fixed By: 
  • John Herreño
  • Marcelo Vani
Coordinated By: 
  • Lee Rowlands of the Drupal Security Team
  • Greg Knaddison of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Link - Moderately critical - Cross site scripting - SA-CONTRIB-2022-034

Drupal Contrib Security - 4 Mai, 2022 - 18:01
Project: LinkDate: 2022-May-04Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross site scriptingDescription: 

This module enables you to add URL fields to entity types with a variety of options.

The module doesn't sufficiently filter output when token processing is disabled on an individual field.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create content and the token processing option must be disabled.

Solution: 

Install the latest version:

  • If you use the Link module for Drupal 7.x, upgrade to Link 7.x-1.11
Reported By: 
  • Brad Bulger
Fixed By: 
  • Damien McKenna of the Drupal Security Team
  • Brad Bulger
  • Greg Knaddison of the Drupal Security Team
Coordinated By: 
  • Greg Knaddison of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009

Drupal Core Security - 20 April, 2022 - 17:07
Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: 

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content.

This vulnerability only affects sites using Drupal's revision system.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

  • If you are using Drupal 9.3, update to Drupal 9.3.12.

All releases prior to Drupal 9.3 (including Drupal 7) are not affected.

Reported By: 
  • Kristiaan Van den Eynde
Fixed By: 
  • Kristiaan Van den Eynde
  • Lee Rowlands of the Drupal Security Team
  • Adam Bramley
  • xjm of the Drupal Security Team
  • Dave Long
  • Nathaniel Catchpole of the Drupal Security Team
  • Jibran Ijaz
  • Benji Fisher
Kategorien: Drupal Security

Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008

Drupal Core Security - 20 April, 2022 - 17:04
Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper input validationDescription: 

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

  • If you are using Drupal 9.3, update to Drupal 9.3.12.
  • If you are using Drupal 9.2, update to Drupal 9.2.18.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 is not affected.

Reported By: 
  • Dezső BICZÓ
Fixed By: 
  • xjm of the Drupal Security Team
  • Alex Bronstein of the Drupal Security Team
  • Dezső BICZÓ
  • Lee Rowlands of the Drupal Security Team
Kategorien: Drupal Security

Rename Admin Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-033

Drupal Contrib Security - 12 April, 2022 - 19:17
Project: Rename Admin PathsVersion: 7.x-2.37.x-2.27.x-2.1Date: 2022-April-12Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: 

The Rename Admin Path module provides additional security to Drupal sites by renaming the admin paths. The module has a vulnerability with allows attackers to bypass the protection by using specially crafted URLs.

The risk is mitigated by the fact that, even though the attacker can bypass the protection offered by this module, all regular permissions still apply.

Solution: 

Install the latest version:

  • If you use the rename_admin_paths module for Drupal 7.x, upgrade to rename_admin_paths 7.x-2.4

Only the 7.x version of the module is vulnerable. If you use the 8.x version, you do not have to take any action.

Reported By: 
  • Ivo Van Geertruyen of the Drupal Security Team
Fixed By: 
  • Ivo Van Geertruyen of the Drupal Security Team
  • Raphaël Apard
Coordinated By: 
  • Chris McCafferty of the Drupal Security Team
  • Ivo Van Geertruyen of the Drupal Security Team
Kategorien: Drupal Security

Anti Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032

Drupal Contrib Security - 30 März, 2022 - 20:23
Project: Anti Spam by CleanTalkDate: 2022-March-30Security risk: Moderately critical 14∕25 AC:Basic/A:None/CI:None/II:All/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescription: 

This module provides integration with the CleanTalk spam protection service.

The module does not properly filter data in certain circumstances.

Update: 2022-03-31 - fix release node links

Solution: 

Install the latest version:

  • If you use the Anti Spam by CleanTalk module for Drupal 8.x, upgrade to Anti Spam by CleanTalk 8.x-4.15
  • If you use the Anti Spam by CleanTalk module for Drupal 9.x, upgrade to Anti Spam by CleanTalk 9.1.21
Reported By: 
  • Glomberg
  • Heine of the Drupal Security Team
Fixed By: 
  • Glomberg
Coordinated By: 
  • Chris McCafferty of the Drupal Security Team
  • Greg Knaddison of the Drupal Security Team
Kategorien: Drupal Security

Role Delegation - Moderately critical - Privilege escalation - SA-CONTRIB-2022-031

Drupal Contrib Security - 23 März, 2022 - 18:39
Project: Role DelegationDate: 2022-March-23Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Privilege escalationDescription: 

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission.

The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. An authenticated user is able to assign the administrator role to his own user.

This vulnerability is mitigated by the fact that an attacker must have access to an overview of users with the views bulk operations module enabled. E.g. The admin_views module provides such a view.

Solution: 

Install the latest version:

  • If you use the Role Delegation module for Drupal 7.x, upgrade to Role Delegation 7.x-1.3
Reported By: 
  • Michael Forbes
  • Jeroen Tubex
  • Stein Setvik
Fixed By: 
  • Michael Forbes
  • Jeroen Tubex
  • Stein Setvik
Coordinated By: 
  • Greg Knaddison of the Drupal Security Team
Kategorien: Drupal Security

Colorbox Node - Critical - Unsupported - SA-CONTRIB-2022-030

Drupal Contrib Security - 23 März, 2022 - 18:36
Project: Colorbox NodeDate: 2022-March-23Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

This module was unsupported on 2022-01-26, however, the SA was missed in publishing them at that time.

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Kategorien: Drupal Security

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006

Drupal Core Security - 21 März, 2022 - 23:39
Project: Drupal coreDate: 2022-March-21Security risk: Moderately critical 11∕25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Third-party librariesCVE IDs: CVE-2022-24775Description: 

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites.

We are issuing this security advisory outside our regular Drupal security release window schedule since Guzzle has already published information about the vulnerability, and vulnerabilities might exist with core, contributed modules, or custom modules that use Guzzle for outgoing requests. Guzzle has rated this vulnerability as low-risk.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

  • If you are using Drupal 9.3, update to Drupal 9.3.9.
  • If you are using Drupal 9.2, update to Drupal 9.2.16.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 is not affected.

Reported By: 
  • Jeroen Tubex
  • Damien McKenna of the Drupal Security Team
Fixed By: 
  • xjm of the Drupal Security Team
  • Alex Pott of the Drupal Security Team
  • Lee Rowlands of the Drupal Security Team
  • Greg Knaddison of the Drupal Security Team
  • Peter Wolanin of the Drupal Security Team
Kategorien: Drupal Security

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005

Drupal Core Security - 16 März, 2022 - 18:10
Project: Drupal coreDate: 2022-March-16Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Third-party librariesCVE IDs: CVE-2022-24728CVE-2022-24729Description: 

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

For more information, see CKEditor's security advisories:

  • CVE-2022-24728: HTML processing vulnerability allowing to execute JavaScript code
  • CVE-2022-24729: Regular expression Denial of Service in dialog plugin

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

  • If you are using Drupal 9.3, update to Drupal 9.3.8.
  • If you are using Drupal 9.2, update to Drupal 9.2.15.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Instructions for Drupal 7 and contributed modules

Drupal 7 core is not affected, although Drupal 7, 8, and 9 site owners should review their site following the protocol for managing external libraries and plugins previously suggested by the Drupal Security Team, as contributed projects may use additional CKEditor plugins not packaged in Drupal core.

Users of the Webform module should ensure Webform's version of CKEditor 4 is also up-to-date after updating Drupal core and libraries for any affected contributed modules. Learn more about updating Webform libraries.

Reported By: 
  • Jacek Bogdański
Fixed By: 
  • Jess of the Drupal Security Team
  • Wim Leers
  • Lee Rowlands of the Drupal Security Team
Kategorien: Drupal Security

Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029

Drupal Contrib Security - 9 März, 2022 - 20:57
Project: Opigno Learning pathDate: 2022-March-09Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: 

This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS.

The module was providing too much user information about users such as the list of groups a uid is in.

Solution: 

Install the latest version:

  • If you use the opigno_learning_path module for Drupal 9.x, upgrade to 3.0.1 opigno_learning_path 3.0.1
Reported By: 
  • Aaron Bauman
Fixed By: 
  • Aaron Bauman
  • James Aparicio
Kategorien: Drupal Security

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028

Drupal Contrib Security - 9 März, 2022 - 20:28
Project: SVG FormatterDate: 2022-March-09Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Cross Site ScriptingDescription: 

SVG Formatter module provides support for using SVG images on your website.

Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images.

Solution: 

Update the module (8.x-1.17 or 2.0.1) which will enable updating to the enshrined/svg-sanitize to version 0.15 or newer library.

The updated library is most easily installed with Composer. To update the module and library it's possible to run the following Composer command:

composer update --with-dependencies drupal/svg_formatterReported By: 
  • Jeroen Tubex
Fixed By: 
  • Goran Nikolovski
Coordinated By: 
  • Damien McKenna of the Drupal Security Team
  • Lee Rowlands of the Drupal Security Team
  • Greg Knaddison of the Drupal Security Team
Kategorien: Drupal Security

End of Drupal 6 vendor support - PSA-2022-03-09

Drupal PSA Security - 9 März, 2022 - 16:59
Date: 2022-March-09Description: 

Drupal 6 LTS vendor-provided support will end on October 22, 2022.

On February 24th, 2016, Drupal 6 was marked end-of-life (EOL). The Drupal 6 Long-Term-Support (LTS) program added more than 6 years of additional coverage for program participants and the community.

On behalf of the community the Drupal Security Team would like to thank all the vendors that participated in this program: Tag1, Acquia, and myDropWizard.

After the Drupal 6 LTS program ends, security issues for Drupal 6 may be disclosed in public, and zero-days (i.e, security vulnerabilities being exploited in the wild without advanced warning) may occur. Patches for Drupal 6 security issues will no longer be provided by any vendor. Drupal 6.x Update Status module data and package distribution may be disabled or removed as Drupal.org prepares to update to newer infrastructure.

Solution: 

If you are still maintaining a Drupal 6 site, we recommend migrating to Drupal 7 or Drupal 9 before the program ends. Learn more about upgrading from Drupal 6 to Drupal 9.

Kategorien: Drupal Security

GOV.UK Theme - Moderately critical - Cross site scripting - SA-CONTRIB-2022-027

Drupal Contrib Security - 23 Februar, 2022 - 19:18
Project: GOV.UK ThemeDate: 2022-February-23Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: 

The GOV.UK Theme (govuk_theme) is a Drupal theme for the GOV.UK Design System.

The theme doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities or configuration may be able to exploit one or more Cross-Site-Scripting (XSS) vulnerabilities to target visitors of the site, including site admins with privileged access.

The vulnerability is mitigated by the facts, that:

  • An attacker must have one of several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.
  • For some of the vulnerabilities, certain contributed modules must be enabled.
Solution: 

Install the latest version:

  • If you use the govuk_theme for Drupal 9.x, upgrade to govuk_theme 8.x-1.9
Reported By: 
  • Patrick Fey
Fixed By: 
  • Andrew Hughes-Onslow
  • Patrick Fey
Coordinated By: 
  • Chris McCafferty of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Entity Reference Tree Widget - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-026

Drupal Contrib Security - 23 Februar, 2022 - 19:10
Project: Entity Reference Tree WidgetDate: 2022-February-23Security risk: Moderately critical 12∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: 

This module provides an entity relationship hierarchy tree widget for an entity reference field.

The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to modify an entity that is the reference to a field.

Solution: 

Install the latest version:

  • If you use the Entity Reference Tree Widget module for Drupal 8.x or 9.x, upgrade to entity_reference_tree 2.0.2
Reported By: 
  • Jeroen Vreuls
Fixed By: 
  • Mingsong
  • Jeroen Vreuls
Coordinated By: 
  • Chris McCafferty of the Drupal Security Team
  • Damien McKenna of the Drupal Security Team
Kategorien: Drupal Security

Drupal 7's End-of-Life extended to November 1, 2023 - PSA-2022-02-23

Drupal PSA Security - 23 Februar, 2022 - 15:24
Date: 2022-February-23Description: 

Drupal 7's End-of-Life extended to November 1, 2023

More than a decade after its first release, Drupal 7 is still widely used across the web. It can be found powering civic engagement in government installations; managing vast amounts of content for faculty, students, and staff in educational institutions; and providing the digital backbone for many businesses and non-profit organizations. Drupal 9 is well-maintained, secure, stable, and feature-rich, but many organizations still rely on Drupal 7.

The teams that built and still maintain these legacy Drupal installations, and the end users they serve, are important constituents of the Drupal community. Although these users should still plan their upgrade to a newer version of Drupal, if they are unable to upgrade before the currently announced end-of-life, it would not be responsible of us to leave them vulnerable.

Therefore, we are announcing that moving forward, the scheduled Drupal 7 End-of-Life date will be re-evaluated annually. As of today, we are extending the end-of-life by one year to November 1, 2023.

The Drupal project lead, Dries Buytaert, the Drupal Association, and the Drupal Security Working Group have been monitoring the Drupal 7 ecosystem since the previous end-of-life extension. As a majority of all sites in the Drupal project are still on Drupal 7, we have decided that there is a clear need to provide additional support to the members of our community still using this version. At the end of the day, we have a moral imperative to keep as many of those sites secure as we can.

We will announce by July 2023 whether we will extend Drupal 7 community support an additional year. Factors that we will consider are community support, Drupal 7 usage, and active Drupal 7 maintainers. Current support is made possible thanks to the many Drupal 7 maintainers and companies that are paying to support Drupal 7.

You can donate to the Drupal Security Team on our Donations page.

For press contacts, please email security-press@drupal.org.

Coordinated By: 

The following people contributed to this public service announcement.

Michael Hess
Tim Lehnen
Greg Knaddison
Dries Buytaert
xjm
Gábor Hojtsy
Madison Atkins

Kategorien: Drupal Security
  • 1
  • 2
  • 3
  • 4
  • nächste Seite ›
  • letzte Seite »

Benutzeranmeldung

  • Registrieren
  • Neues Passwort anfordern

Aktive Forenthemen

  • Modul lässt Website anstürzen
  • Showroom
  • rename admin paths - Probleme mit Modul - Alterantive?
  • Probleme mit Installation voa COMPOSER
  • Drupal- Vor- und Nachteile
  • Text Editor verschwunden
  • Wie URL Alias für Entity in Drupal 9 erstellen?
  • in View zwischen Felder einer Node filtern
  • HTML-Code funktioniert nicht
  • Webform, Condtional Logik, Kontrollkästchen
  • Sprachumstellung - alte Nodes nicht mehr über alias erreichbar
  • Produkt im onlineshop soll 0,-€ kosten, funktioniert aber nicht
Weiter

Neue Kommentare

  • Das Modul ist ja ganz schön,
    vor 17 Stunden 48 Minuten
  • Modul Purge
    vor 1 Tag 12 Stunden
  • Nö
    vor 1 Tag 20 Stunden
  • Manuell aus der Datenbank löschen
    vor 1 Tag 20 Stunden
  • Bots ... auf Abstand
    vor 2 Tagen 12 Stunden
  • Cache vs Browser
    vor 2 Tagen 12 Stunden
  • h2b2 schrieb Nach einigen
    vor 4 Tagen 20 Stunden
  • Vor- und Nachteile
    vor 4 Tagen 22 Stunden
  • Alles klar, vielen herzlichen
    vor 6 Tagen 21 Stunden
  • Entitäts- bzw. Felddefinitionen
    vor 1 Woche 8 Stunden

Statistik

Beiträge im Forum: 247799
Registrierte User: 19532

Neue User:

  • rogerfk18
  • Joshuanv
  • DorothyDef

» Alle User anzeigen

User nach Punkten sortiert:
wla9209
stBorchert6003
quiptime4972
Tobias Bähr4019
bv3924
ronald3845
md3717
Thoor3678
Alexander Langer3416
Exterior2903
» User nach Punkten
Zur Zeit sind 0 User und 4 Gäste online.

Drupal Security

  • Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040
  • Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039
  • Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038
  • Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036
  • Doubleclick for Publishers (DFP) - Moderately critical - Cross site scripting - SA-CONTRIB-2022-035
Weiter

Hauptmenü

  • » Home
  • » Handbuch & FAQ
  • » Forum
  • » Übersetzungsserver
  • » Suche

Quicklinks I

  • Infos
  • Drupal Showcase
  • Installation
  • Update
  • Forum
  • Team
  • Verhaltensregeln

Quicklinks II

  • Drupal Jobs
  • FAQ
  • Drupal-Kochbuch
  • Best Practice - Drupal Sites - Guidelines
  • Drupal How To's

Quicklinks III

  • Tipps & Tricks
  • Drupal Theme System
  • Theme Handbuch
  • Leitfaden zur Entwicklung von Modulen

RSS & Twitter

  • Drupal Planet deutsch
  • RSS Feed News
  • RSS Feed Planet
  • Twitter Drupalcenter
Drupalcenter Team | Impressum & Datenschutz | Kontakt
Angetrieben von Drupal | Drupal is a registered trademark of Dries Buytaert.
Drupal Initiative - Drupal Association