myDropWizard.com: Drupal maintenance support plans 6 security update for Elysia Cron

Published on January 25, 2019

As you may know, Drupal maintenance support plans 6 has reached End-of-Life (EOL) which means the Drupal maintenance support plans Security Team is no longer doing Security Advisories or working on security patches for Drupal maintenance support plans 6 core or contrib modules – but the Drupal maintenance support plans 6 LTS vendors are and we’re one of them!Today, there is a Moderately Critical security release for the Elysia Cron module to fix a Cross-Site Scripting (XSS) vulnerability.Users who have permission to configure this module have the ability to add insufficiently sanitized JavaScript in the “Predefined rules” field, however, this vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer elysia cron”.You can download the patch for Elysia Cron 6.x-2.x.If you have a Drupal maintenance support plans 6 site using the Elysia Cron module, we recommend you update immediately! We have already deployed the patch for all of our Drupal maintenance support plans 6 Long-Term Support clients. :-)If you’d like all your Drupal maintenance support plans 6 modules to receive security updates and have the fixes deployed the same day they’re released, please check out our D6LTS plans.Note: if you use the myDropWizard module (totally free!), you’ll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won’t necessarily have a release on Drupal maintenance support plans.org).
Source: New feed

Shopping Cart
There are no products in the cart!
Continue Shopping
0