DrupalCI is the next generation testing infrastructure for Drupal. After years of development, DrupalCI has been rolled out for testing Drupal 8 Core and Contrib projects - and will soon be taking over testing Drupal 7 Core and Contrib as well and for Drupal 6 for the duration of its long term support window.
Drupal 7.39 and Drupal 6.37, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.39 and Drupal 6.37 release notes for further information.
Drupal 7.38 and Drupal 6.36, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.38 and Drupal 6.36 release notes for further information.
An issue was reported to the Drupal.org infrastructure team that uncovered an installed rootkit on our pre-production (dev and staging) environment on April 19th. We stopped all services on these servers. The access was gained through an open VNC port on our OpenStack environment that allowed hijacking of an open console session. The attacker was attempting to create a distributed denial of service (DDoS) attack on targeted IPs.
There is no evidence that information was taken from our staging database or that user information was compromised.
Today, we are introducing a new ‘Community’ user role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org.