Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

Sector 10 is coming! Find out more on our Sector 10 roadmap and preview

Security Updates

Issue date:

Wed 20 Sep 2023

The security update to address SA-CORE-2023-006 will be included in Sector 9.5.8.

Background

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

Read the Drupal Security Advisory

Sector 10 is coming!

Find out more in our Sector 10 roadmap.

Learn more

Need Help?

Sector is brought to you by Sparks Interactive - supporting Sector from Wellington and Auckland

Open Source award winner!

Sparks Interactive are delighted to accept the Open Source Use in Business award for Sector and the Sector.nz open source platform.

Find out more

Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

Background

10.0.0-rc5, fixes in preparation for the 10.0.0 release

10.0.0-rc4, fixes in preparation for the 10.0.0 release

10.0.0-rc3, fixes in preparation for the 10.0.0 release

10.0.0-rc2, fixes in preparation for the 10.0.0 release

10.0.0-rc1, fixes in preparation for the 10.0.0 release

10.0.0-alpha12, Sector table of content and minor updates

Sector 10 is coming!

Need Help?

Open Source award winner!

Subscribe for Sector updates