[Security-news] Media - Critical - 1.x branch unsupported - SA-CONTRIB-2017-042
security-news at drupal.org
security-news at drupal.org
Wed Apr 12 19:53:42 UTC 2017
View online: https://www.drupal.org/node/2869190
* Advisory ID: DRUPAL-SA-CONTRIB-2017-042
* Project: Media [1] (third-party module)
* Date: 12-Apr-2017
-------- DESCRIPTION
---------------------------------------------------------
The Media module provides an extensible framework for managing files and
multimedia assets, regardless of whether they are hosted on your own site or
a 3rd party site - it is commonly referred to as a 'file browser to the
internet'.
-------- VERSIONS AFFECTED
---------------------------------------------------
* Only the 1.x branch is affected. The 2.x branch does not have this
vulnerability. /li>
Drupal core is not affected. If you do not use the contributed Media [2]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
If you use the Media 1.x branch you should upgrade to the 2.x branch.
Also see the Media [3] project page.
-------- REPORTED BY
---------------------------------------------------------
* Fabricio Bedoya [4]
-------- FIXED BY
------------------------------------------------------------
Not applicable
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [5].
Learn more about the Drupal Security team and their policies [6], writing
secure code for Drupal [7], and securing your site [8].
Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [9]
[1] https://www.drupal.org/project/media
[2] https://www.drupal.org/project/media
[3] https://www.drupal.org/project/media
[4] https://www.drupal.org/u/fafabedoya
[5] https://www.drupal.org/contact
[6] https://www.drupal.org/security-team
[7] https://www.drupal.org/writing-secure-code
[8] https://www.drupal.org/security/secure-configuration
[9] https://twitter.com/drupalsecurity
More information about the Security-news
mailing list