Is there a patch for SA-CORE-2018-002?
-
19-01-2021 - |
Вопрос
How can I apply patch for my Drupal 6 site which is working quite fine until now?
I've checked the patch in Drupal 7. It's using sanitize()
. How do I add it in Drupal 6?
At the same time I'm working to have it upgraded to Drupal 8.
Решение
Per the official the FAQ about SA-CORE-2018-002:
I manage a Drupal 6 site, is a fix available?
Yes, Drupal 6 is also affected and the Drupal 6 Long Term Support project has patches available.
The issue for this is [core] Add D6LTS patch for SA-CORE-2018-002. The issue has a patch from a security team member and further information.
2018-03-30 update:
Per a security team member in a recent comment:
Please just upgrade Drupal core rather than patching!
Note also the D6lts patch and corresponding github releases for that and Pressflow 6 were updated to fix a subtle flaw in the released security fix that was affecting a couple contrib modules including Organic Groups (og) for Drupal 6.
https://github.com/d6lts/drupal/releases/tag/6.43
https://github.com/pressflow/6/releases/tag/pressflow-6.43.124