Subject: CVS commit: pkgsrc/www/drupal9
From: Takahiro Kambe
Date: 2022-07-31 16:26:59
Message id: 20220731142659.E8B53FB1A@cvs.NetBSD.org

Log Message:
www/drupal9: update to 9.3.20

9.3.20 (2022-07-28)

This is a patch (bugfix) release of Drupal 9 and is ready for use on
production sites.  Learn more about Drupal 9.

* Drupal core uses the third-party Diactoros library as its PSR-7
  implementation. Diactoros has issued a security advisory:

* CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
  Attack

Drupal core is unlikely to be vulnerable.  This bugfix release updates the
version of Diactoros used in drupal/core-recommended to a secure version as
a precaution.

9.3.19 (2022-07-20)

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities.  Sites are urged to update
immediately after reading the notes below and the security announcement:

* Drupal core - Moderately critical - Information Disclosure -
  SA-CORE-2022-012

* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

* Drupal core - Moderately critical - Multiple vulnerabilities -
  SA-CORE-2022-015

No other changes are included.

Files:
RevisionActionfile
1.5modifypkgsrc/www/drupal9/Makefile
1.3modifypkgsrc/www/drupal9/PLIST
1.3modifypkgsrc/www/drupal9/distinfo