March 3, 2021
Hot Topics:

Drupal Tightens Security Rules After White House Debacle

  • By Developer.com Staff

From now on Web sites running unfinished Drupal modules are on their own.

The Register's Gavin Clarke reported that open source Drupal "has updated the wording on its security site on how it handles security fixes to clarify it will only work on vulnerabilities in completed code of modules that comprise the CMS. The change clarifies that modules in release-candidate mode will not be supported."

Module maintainers will now be given deadlines to plug security holes. If the deadline is missed Drupal will pull the project from Drupal.org.

The change is a response to a bug found in a module that the White House used to build a plugin they released three weeks ago.

One interesting tidbit from the Register's story is that according to Clarke, Drupal is running on one billion Web sites?

View Article

This article was originally published on June 10, 2010

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date