GHSA-M895-2HJ3-8CG9 Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually

In Shopware core and platform versions before 6.6.10.7 and 6.7.3.1, media visibility restrictions applied by MediaVisibilityRestrictionSubscriber are not enforced for aggregation API requests. Authorization filters are only injected during standard entity reads; aggregation queries can be...

DRUPAL-CONTRIB-2023-003

The Media Library Block module allows you to render a media entity in a block. The module does not properly check media access in some circumstances. This may result in unauthorized users including anonymous users seeing media items they are not authorized to access if a block containing a...

MDVA-2009:063 : mdkonline

This update fixes several issues with mdkapplet. On 2009.1 PowerPack, mdkonline wrongly set up the 2009.0 restricted media instead of the 2009.1 ones 50478. Mdkapplet checks once a day if a new distribution is availlable. When checking again for updates every 3 hoours by default, mdkapplet forgot...