"Ricochet was very impressive with their knowledge, abilities and professionalism. We never ran into a technological roadblock or problem that couldn't be solved. They were able to offer new, cutting-edge solutions around every corner, and they were fantastic about staying in communication. It seemed like we were always able to get ahold of someone, whether it was Tuesday at 1am or Saturday at 7am, someone was quick to respond and help address an emergency or even a simple inquiry. Truly professional service, and quality work.
—Jacob Sowinski, Blue Canvas

Smartling Connector - Less critical - Multiple vulnerabilities - SA-CONTRIB-2024-053

Wed, 2024-10-23 08:45 — Anonymous (not verified)

Project: Smartling ConnectorDate: 2024-October-23Security risk: Less critical 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Multiple vulnerabilitiesDescription: Smartling module allows you to translate content in Drupal 7 using the Smartling Translation Management Platform.
The module includes an outdated version of the Guzzle package (guzzlehttp/guzzle 6.3.3), which has known security vulnerabilities.Solution: Install the latest version:

If you use Smartling module for Drupal 7.x-4.x, upgrade to smartling 7.x-4.19
If you use Smartling module for Drupal 7.x-3.x, upgrade to smartling 7.x-3.8

Reported By:

Pierre Rudloff

Fixed By:

Pavel Loparev

Coordinated By:

Juraj Nemec of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2024-053

Search form

Smartling Connector - Less critical - Multiple vulnerabilities - SA-CONTRIB-2024-053