Message to contrib maintainer who hasn't responded to our report
Subject: Response required on security issue in a module you maintain
Hello,
We have contacted you about a possible vulnerability in [project_name]. However, we don't have a record of any response. Please verify the reported vulnerability and let us know whether the vulnerability exists. If it is a valid vulnerability, please upload a patch and draft a Security Advisory using the tools on the private issue.
You have been granted access to the private issue at https://security.drupal.org/node/[nid] where you will find more details about the vulnerability.
Please do NOT commit any code right away! We invite you to suggest a fix by uploading a patch or reviewing any existing patch if one exists for the issue. The security team will assist you if you have questions and ensure that the patch is valid from a security standpoint. Please keep this vulnerability a secret so as not to jeopardize the sites using this module.
If we confirm the vulnerability exists but receive no response from you within the next 2 weeks, we will assume the project is not maintained, unpublish all releases, and mark the project page as abandoned.
Kind regards,
[profile_fullname] on behalf of the Drupal Security Team
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion