Releases: drupal-spider/DrupalSecurity
Releases · drupal-spider/DrupalSecurity
1.2.3
Add
-
Added
ZipExtractSniffto warn about risky uses ofZipArchive::extractTo(),ZipArchive::open(), andDrupal\\Core\\Archiver\\Zip::extract().
Full Changelog: 1.2.2...1.2.3
1.2.2
Add
- A new sniff for auditing PHP unserialize() vulnerability.
- A new sniff for auditing FieldType plugin.
Full Changelog: https://github.com/drupal-spider/DrupalSecurity/blob/1.x-master/CHANGELOG.md
1.2.1
Add
- A new sniff for auditing cache poisoning vulnerability.
Full Change log: https://github.com/drupal-spider/DrupalSecurity/blob/1.x-master/CHANGELOG.md
1.2.0
Change
-
New feature:
Now, you can install this tool via a single composer command.
composer global require drupal-spider/drupalsecurity
Full Changelog: 1.1.1...1.2.0
1.1.1 release note
Changes since 1.1.0:
- Correct dependency name in composer.json file.
- Correct project name in CHANGELOG.md file.
1.1.0 Release
Add a new sniff for checking the access to a Drupal view.
1.0.1 Release
Changes since 1.0.0:
- Correct typo for 'access content' permission.
- An entity form does not need a CSRF token.
1.0 Release
First stable release.