Captcha Keypad

This module provides an alternative captcha security, where the user can use
a keypad to be to enter simple captcha numbers.
The keypad can be configured to shuffle the keys, improving difficulty of
automated bots to click on the right button.

Vulnerability which is only present in a non-stable release

1. Grant the module maintainer access to the issue so they will know what is going on.
2. Post this as a comment on the issue (note that "NAME" in the bug report URL below needs to be replaced with the actual project name).

If the report was received via email, do the same things, but via email.

Thank you for reporting this issue.

Services Security Updates

This page is used as documentation for Services Security. It is unfortunate that issues come up that affect Services, but running the latest version of Services should help mitigate any issues.

If you see an issue and think it is security related, please follow the instructions here

Updating OpenAid

The update process with OpenAid is the same as process as updating modules on a standard Drupal site. Note that contributed modules for OpenAid live in profiles/openaid/modules/contrib rather than the common set up sites/all/modules/contrib.

OpenAid does have regular updates, oftentimes to keep up with security releases of Drupal core and contributed modules, however, OpenAid site maintainers are encouraged to update modules (especially those with security updates) as updates become available rather than waiting for a new release of OpenAid.

Clickjacking is not considered a weakness in core

A vulnerability known as clickjacking allows a malicious user to target authenticated users of a site to trick them into taking actions they do not intend by placing the target site into an iframe.

Prior to Drupal 7.50, Drupal core does not have any protection against clickjacking attacks.


Subscribe with RSS Subscribe to RSS - security