update to Drupal 9.2.11.
update to Drupal 7.87.
drupal-8 and drupal 9 < 9.2 do not receive security update
Thank you for reporting!
"Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may affect Drupal 9 and 7:
CVE-2021-41184: XSS in the `of` option of the `.position()` util
It is possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release applies the fix for the above cross-site description issue, without making any of the other changes to the jQuery version that is included in Drupal."
Maintainers, please bump.
The bug has been referenced in the following commit(s):
Author: Alfredo Tupone <firstname.lastname@example.org>
AuthorDate: 2022-02-10 06:41:10 +0000
Commit: Alfredo Tupone <email@example.com>
CommitDate: 2022-02-10 06:41:10 +0000
www-apps/drupal: 7.87 bump
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Alfredo Tupone <firstname.lastname@example.org>
www-apps/drupal/Manifest | 1 +
www-apps/drupal/drupal-7.87.ebuild | 58 ++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+)