Commanding Chaos for Coworking, Open Source and Creative Communities

Drupal Security Team response about insecure update process | Drupal Groups

Mon, 01/11/2016 - 12:07 -- rprice

Recently, a security researcher reported some vulnerabilities to the Drupal Security Team. The Security Team and researcher worked together to understand the risks and decided that the potential impact was small enough that the reported problems could be fixed in public and that the researcher would write a blog post with their perspective on the situation. Below are some quotes of the critical issues from the blog post and the Drupal Security Team’s analysis of the risks.