Blacklist modules

Giving the most recent critical security vulnerability detected, https://www.drupal.org/sa-core-2023-006, a question arose regarding the possibility to backlist a module, until a patch is applied.

After investigation, it appears out of the box, this feature is not possible, however there's a module which provides said functionality.

I propose we add to our distribution https://www.drupal.org/project/module_blacklist. The module allows site administrators to block certain module from being installed, based on a blacklist set on settings.php file.

In this case simply adding the mentioned module, results in blocking fresh installations of said module.

$settings['module_blacklist'] = [
  'jsonapi',
];

Block ludwig.