Drupal Security Team

Drupal issues a security advisory for the Image Sizes module, prompting users to upgrade to version 3.0.2 due to a moderately critical access bypass vulnerability. ...more

Discover the latest security update for Drupal's Registration role module, addressing an access bypass vulnerability championed by the diligent efforts of the Drupal Security Team. ...more

Drupal Security Team addresses a moderately critical vulnerability in the Coffee module, urging prompt updates for Drupal 10 administrators. ...more

Security alert: CKEditor 4 LTS module for Drupal flagged with a moderately critical Cross Site Scripting vulnerability. ...more

As Drupal 7's support nears closure, a proposal emerges for an independent D7Security team on Github, aiming to sustain vital module security beyond the support end date. ...more

Bolster defenses to protect your website from intrusions with the latest ProBlue input on fighting spam with Drupal. ...more

The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, to correct this you can install the latest version. ...more

This security update addresses the cross site scripting vulnerability for the Context Module. ...more

This security update offers solution to moderately critical remote code execution vulnerability for the PDF Generator API module. ...more

The Tagify module security update helps deal access bypass as an attacker with the permission "access content" can view and reference unpublished terms. ...more

In this session Benji Fisher will help you look at Drupal security from the point of view of an outsider. ...more

Learn more about what the Drupal Security team is, how it works, and how you can join to help keep Drupal Secure. ...more