The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:
Exploits may be possible if Drupal is configured to allow
.tlz file uploads and processes them.
Install the latest version:
- If you are using Drupal 9.1, update to Drupal 9.1.3.
- If you are using Drupal 9.0, update to Drupal 9.0.11.
- If you are using Drupal 8.9, update to Drupal 8.9.13.
- If you are using Drupal 7, update to Drupal 7.78.
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Disable uploads of
.tlz files to mitigate the vulnerability.