An update will be released to our development environment on Wednesday, January 16th, 2019. This update will also be pushed to our production environment on Wednesday, January 16th, 2019. The following updates will be applied:
Major Version Upgrade
- None
Drupal Core Bug Fix/Security Updates
- Drupal Core 8.6.6
-
Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations.
-
A remote code execution vulnerability exists in PHP’s built-in phar stream wrapper when performing file operations on an untrusted phar:// URI.
-
Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability.
-
This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
-
-
Contributed Module Updates
- None
OSU Module Updates
- None
OSU Theme Updates
- None
If you have questions or concerns please contact us through our contact form.
Leave a Reply