NewsDrupal Tightens Security Rules After White House Debacle

Drupal Tightens Security Rules After White House Debacle

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

From now on Web sites running unfinished Drupal modules are on their own.

The Register’s Gavin Clarke reported that open source Drupal “has updated the wording on its security site on how it handles security fixes to clarify it will only work on vulnerabilities in completed code of modules that comprise the CMS. The change clarifies that modules in release-candidate mode will not be supported.”

Module maintainers will now be given deadlines to plug security holes. If the deadline is missed Drupal will pull the project from Drupal.org.

The change is a response to a bug found in a module that the White House used to build a plugin they released three weeks ago.

One interesting tidbit from the Register’s story is that according to Clarke, Drupal is running on one billion Web sites?

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories