Updates have been released for Drupal versions 7.7, 8.8, 8.9 and 9.0. Drupal is a user-friendly and powerful content management platform written in PHP that can be used, for example, to create websites. It is simple enough for a novice user, yet powerful enough to build more complex websites. The program includes a content management platform and a development framework. The updates contain a fix for the following security issue:
Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2020-013
Project: Drupal core
Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Arbitrary PHP code execution
Description: The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files. This is a different issue than SA-CORE-2019-012. Similar configuration changes may mitigate the problem until you are able to patch.
Solution: Install the latest version:
Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
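Applying the mitigation above requires knowing which upload fields accept the listed archive types. The following is an added example, not part of the advisory or of Drupal's own code, that audits extension allow-lists for entries that would admit those archives. It assumes the allow-list is stored as a space-separated `file_extensions` value in exported field configuration and is matched case-insensitively against the end of the filename; the sample config names and contents are constructed.

```python
import re

# Archive types named in the advisory, expressed as sample upload names.
ADVISORY_SAMPLES = ("x.tar", "x.tar.gz", "x.bz2", "x.tlz")

# Assumption: the allow-list appears as a line `file_extensions: 'a b c'`.
EXT_LINE = re.compile(r"^\s*file_extensions:\s*['\"]?([^'\"\n]*)['\"]?\s*$", re.M)


def admits(entry, filename):
    """Assumed matching rule: case-insensitive match on the end of the name."""
    return filename.lower().endswith("." + entry.lower().lstrip("."))


def risky_entries(allow_list):
    """Return allow-list entries that let an advisory-listed archive through."""
    entries = allow_list.replace(",", " ").split()
    return sorted({e.lower().lstrip(".") for e in entries
                   if any(admits(e, s) for s in ADVISORY_SAMPLES)})


def audit(configs):
    """Map config name -> risky entries, for every allow-list found."""
    findings = {}
    for name, text in configs.items():
        hits = set()
        for m in EXT_LINE.finditer(text):
            hits.update(risky_entries(m.group(1)))
        if hits:
            findings[name] = sorted(hits)
    return findings


# Constructed sample input, not taken from a real site.
SAMPLE_CONFIGS = {
    "field.field.node.article.field_image.yml":
        "settings:\n  file_extensions: 'png gif jpg jpeg'\n",
    "field.field.node.page.field_attachment.yml":
        "settings:\n  file_extensions: 'pdf txt GZ tar'\n",
    "field.field.node.doc.field_bundle.yml":
        "settings:\n  file_extensions: 'zip tar.gz tlz'\n",
}

if __name__ == "__main__":
    for name, exts in audit(SAMPLE_CONFIGS).items():
        print(f"{name}: {' '.join(exts)}")
```

A bare `gz` entry is flagged because a suffix match on `gz` also accepts `.tar.gz` uploads, which an audit that only looks for the literal string `tar.gz` would miss.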