Releases: backdrop-contrib/services
Releases · backdrop-contrib/services
1.x-3.27.0-beta
Issue #2945812 by joelpittet, emerham: Update Spyc
1.x-3.0.5-beta
BACKDROP-SA-CONTRIB-2020-002 https://backdropcms.org/security/backdrop-sa-contrib-2020-002
1.x-3.0.4-beta
BACKDROP-SA-CONTRIB-2019-006: https://backdropcms.org/security/backdrop-sa-contrib-2019-006
1.x-3.0.3-beta
BACKDROP-SA-CONTRIB-2019-002: https://backdropcms.org/security/backdrop-sa-contrib-2019-002
1.x-3.0.2-beta
Includes a security fix: SA-CONTRIB-2017-007 and multiple other fixes to bring the Backdrop port up to par with Drupal ongoing commits.
re Services - Critical - SQL Injection - SA-CONTRIB-2017-007
- The module doesn't sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it.
- This vulnerability is mitigated by the fact that a site must have an "Index" resource enabled and the attacker must know the endpoint's URL.
1.x-3.0.1-beta
BACKDROP-SA-CONTRIB-2017-002
Security release. Upgrading is highly recommended.
Removes parser application/vnd.php.serialized
1.x-3.0.0-beta
Based on Drupal Services 3.13
Most tests green; failing most likely due to the tests rather than the code.