See Open Atrium - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-174
See Select2 Field Widget - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-173
Beta 3 release of the TFA module for Drupal 7 fixes a minor security risk. Read about the risk and mitigating factors at https://www.drupal.org/node/2628736.
This release makes no schema or plugin compatibility changes; upgrade is recommended for all sites running TFA.
Changes since 7.x-2.0-beta2:
SA-CONTRIB-2015-170 by Dave Reid, theapi: fix for anonymous users can delete Solr environments that are not default.
See Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get RSS feeds for core, contrib, or public service announcements, or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.