Project Ricochet's top notch developers, designers and PM’s allowed us to bring our vision of an e-commerce style class search to life. We had a tight budget and a lot of unexpected problems on the Berkeley side. Utilizing Ricochet's state of the art tracking tools and disciplined scrum approach allowed us to surmount every challenge and end up with a fantastic application. We loved the creative collaboration that allowed us to remake a boring campus class schedule into a high-octane search tool that our students and faculty love! Thank you Casey and the whole PR team!
—Johanna Metzgar

Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070

Wed, 2024-12-04 07:51 — Anonymous (not verified)

Project: Minify JSDate: 2024-December-04Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross site request forgeryAffected versions: <3.0.3Description: The Minify JS module allows a site administrator to minify all javascript files that exist in the site's code base and use those minified files on the front end of the website.
Several administrator routes are unprotected against Cross-Site Request Forgery (CRSF) attacks.Solution: Install the latest version:

If you use the Minify JS module for Drupal 7.x, upgrade to Minify JS 7.x-1.11
If you use the Minify JS module for Drupal 8.x, upgrade to Minify JS 3.0.3

Reported By:

Pierre Rudloff

Fixed By:

Ivo Van Geertruyen of the Drupal Security Team
Scott Joudry

Coordinated By:

Ivo Van Geertruyen of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2024-070

Search form

Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070