2024-09-11 (2 commits)

Overview

twig vendor upgrade for security change, and added test coverage for State.

Changes

It covers commits from 2024-09-11 on 11.x branch.

#2386195: State has no dedicated test coverage

#2386195 - b155910d6a80bfc0c42e4648dd29a0ccfd89140d

Test coverage for .

#3473195: twig/twig has a possible sandbox bypass <v3.14.0

#3473195 - 44ae8844e761dba9997f79036de1bf75a8e7e75e

Twig security upgrade to v3.14.0. To fix recently disclose twig security problem.

See https://github.com/advisories/GHSA-6j75-5wfj-gh66.

Annex

Meta

• Commits: 2
• Approach:
  • Direct commit: 0
  • Merge request + Patch: 1
  • Merge request: 1
  • Patch: 0
• Shortest running issue: 1 days
• Longest running issue: 9 years
• People: 9
• Volunteers: 4
• Organizations: 11
  • Centers for Medicare and Medicaid Services
    • mile23
  • CivicActions
    • mile23
  • Drupal Ukraine Community
    • voleger
  • Full Fat Things
    • longwave
  • GOLEMS GABB
    • voleger
  • LakeDrops
    • jurgenhaas
  • Material
    • samit.310@gmail.com
  • Mobomo
    • smustgrave
  • Morpht
    • naveenvalecha
  • PreviousNext
    • quietone
  • Third and Grove
    • catch
  • Volunteers
    • mile23
    • voleger
• Maintainers accepting changes
  • Alex Pott
  • catch
• Tags
  • vendor (1)
  • tests (1)
  • Needs Review Queue Initiative (1)

The set

$ git log --oneline --reverse --since=2024-09-10T23:59:59+00:00 --until=2024-09-12T00:00:00+00:00
44ae8844e7 Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass <v3.14.0
b155910d6a Issue #2386195 by dawehner, samit.310@gmail.com, voleger, daffie, smustgrave, mile23: State has no dedicated test coverage

$ git diff --shortstat 44ae8844e7~1..b155910d6a
 6 files changed, 409 insertions(+), 14 deletions(-)