Skip to main content Skip to search
Can we use first and third party cookies and web beacons to understand our audience, and to tailor promotions you see?
Main menu
  • Drupal.org home
  • Discover Drupal
    • Drupal Core
    • Drupal CMS
    • Drupal AI
    • Case Studies
    • Drupal for Government
    • Drupal for Higher Education
    • Drupal for Nonprofit
    • Drupal for eCommerce
    • Drupal for FinTech
    • Drupal for Healthcare
    • Drupal for Enterprise
    • Drupal for Retail
    • Drupal for Travel & Tourism
  • Build with Drupal
    • Download Drupal
    • Documentation
    • Getting started
    • Local Development Guide
    • Developer Resources
    • Drupal CMS User Guide
    • Drupal User Guide
    • API
    • Modules
    • Themes
    • Recipes
    • Site Templates
    • Issue queues
    • Security Advisories
  • Partners & Services
    • Find a Drupal Certified Partner
    • Become a Drupal Certified Partner
    • Find a Hosting Provider
    • Find a Migration Partner
    • Find Training
    • Drupal Steward
  • Community
    • About the Community
    • How to Contribute
    • DrupalCon
    • Events
    • Jobs / Careers
    • News & Blogs
    • Forum
    • Slack
    • Newsletters
    • Drupal Swag Shop
  • Support Drupal
    • The Drupal Association
    • Donate
    • Become a Partner
    • Become a Ripple Maker
    • Become an Organization Member
    • Drupal Swag Shop
  • Get Started
    • Try Drupal CMS
    • Try Hosting
Return to content

Search form

  • Log in, view profile, and more
    • Log in
    • Create account
Documentation
Security Team procedures
Advertising sustains the DA. Ads are hidden for members. Join today

Security Team procedures

  • Adding new members to the security team
  • Common tasks for Security Team members
  • Creating a Drupal core security release
  • Disclosure of usernames and user IDs is not considered a weakness
  • Drupal Security Team Disclosure Policy for Security Team Members
  • Security Team expectations for employers
  • How to invite a maintainer to participate in the issue
  • How a security Issue goes from initial report to Security Advisory
  • Making a public issue for security.drupal.org issues with status "Needs public followup"
  • Marking a project as unsupported for security reasons
  • Security issue release process
  • Security Team chat channels (IRC and Slack)
  • Security Team member triage duty
  • Security Team message templates
  • Security issues on git.drupalcode.org

Creating a Drupal core security release

Last updated on
30 March 2017

Refer to the instructions for rolling a new core release.

Help improve this page

Page status: No known problems

You can:
  • Log in, click Edit, and edit this page
  • Log in, click Discuss, update the Page status value, and suggest an improvement
  • Log in and create a Documentation issue with your suggestion
Drupal’s online documentation is © 2000-2026 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License.
Infrastructure management for Drupal.org provided by Tag1 logo
Need a Drupal 7 extended support partner? Consider Tag1.

News items

  • News
  • Planet Drupal
  • Social media
  • Sign up for Drupal news
  • Security advisories
  • Jobs

Our community

  • Community
  • Services, Training & Hosting
  • Contributor guide
  • Groups & meetups
  • DrupalCon
  • Code of conduct

Documentation

  • Documentation
  • Drupal Guide
  • Drupal User Guide
  • Developer docs
  • API.Drupal.org

Drupal code base

  • Download & Extend
  • Drupal core
  • Modules
  • Themes
  • Distributions

Governance of community

  • About
  • Web accessibility
  • Drupal Association
  • About Drupal.org
  • Terms of service
  • Privacy policy

Drupal is a registered trademark of Dries Buytaert.