---
- branch: MAIN
  date: Sun Jul 31 14:26:59 UTC 2022
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/www/drupal9/Makefile
    pathrev: pkgsrc/www/drupal9/Makefile@1.5
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/drupal9/PLIST
    pathrev: pkgsrc/www/drupal9/PLIST@1.3
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/drupal9/distinfo
    pathrev: pkgsrc/www/drupal9/distinfo@1.3
    type: modified
  id: 20220731T142659Z.a4a225ddae78d19ba2e27a9a4dac398e5e144536
  log: |
    www/drupal9: update to 9.3.20

    9.3.20 (2022-07-28)

    This is a patch (bugfix) release of Drupal 9 and is ready for use on
    production sites.  Learn more about Drupal 9.

    * Drupal core uses the third-party Diactoros library as its PSR-7
      implementation. Diactoros has issued a security advisory:

    * CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
      Attack

    Drupal core is unlikely to be vulnerable.  This bugfix release updates the
    version of Diactoros used in drupal/core-recommended to a secure version as
    a precaution.

    9.3.19 (2022-07-20)

    This is a security release of the Drupal 9 series.

    This release fixes security vulnerabilities.  Sites are urged to update
    immediately after reading the notes below and the security announcement:

    * Drupal core - Moderately critical - Information Disclosure -
      SA-CORE-2022-012

    * Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

    * Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

    * Drupal core - Moderately critical - Multiple vulnerabilities -
      SA-CORE-2022-015

    No other changes are included.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/drupal9'
  unixtime: '1659277619'
  user: taca