Drupal Security Team

Security

Drupalgeddon2 Lasting Impact on Web Application Security

Share

× SHARE

INE examines the CVE-2018-7600 Drupalgeddon2 remote code execution vulnerability and its enduring effects on web application security. The article details the Form API sanitization patch, security updates for Drupal 7.58 and 8.5.1, and underscores the ongoing need for timely patch management and secure coding practices. ...more

Read Full Content
Security

Drupal Security Team Launches LinkedIn Page to Share Updates and Best Practices

Share

× SHARE

The Drupal Security Team has launched a new LinkedIn page to share security updates, best practices, and industry insights. Community members are invited to follow the page, suggest content ideas, and help promote Drupal’s security efforts. More details are available on the Drupal Security Team’s LinkedIn page. ...more

Read Full Content
Security

Security Advisory: Access Bypass Vulnerability in Drupal Image Sizes Module

Share

× SHARE

Drupal issues a security advisory for the Image Sizes module, prompting users to upgrade to version 3.0.2 due to a moderately critical access bypass vulnerability. ...more

Read Full Content
Security

Critical Security Update: Registration Role Module Access Bypass Fix

Share

× SHARE

Discover the latest security update for Drupal's Registration role module, addressing an access bypass vulnerability championed by the diligent efforts of the Drupal Security Team. ...more

Read Full Content
Security

Critical Update: Drupal Security Advisory for Coffee Module

Share

× SHARE

Drupal Security Team addresses a moderately critical vulnerability in the Coffee module, urging prompt updates for Drupal 10 administrators. ...more

Read Full Content
Security

CKEditor 4 LTS Security Alert: Cross Site Scripting Vulnerability

Share

× SHARE

Security alert: CKEditor 4 LTS module for Drupal flagged with a moderately critical Cross Site Scripting vulnerability. ...more

Read Full Content
Discover Drupal

Proposal for Independent D7 Security Team on Github

Share

× SHARE

As Drupal 7's support nears closure, a proposal emerges for an independent D7Security team on Github, aiming to sustain vital module security beyond the support end date. ...more

Read Full Content
Security

Reinforce Defense to Fortify Your Drupal Website from Spam

Share

× SHARE

Bolster defenses to protect your website from intrusions with the latest ProBlue input on fighting spam with Drupal. ...more

Read Full Content
Security

Moderately Critical Commerce Elavon Security Update

Share

× SHARE

The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, to correct this you can install the latest version. ...more

Read Full Content
Security

Moderately Critical Context Module Security Update

Share

× SHARE

This security update addresses the cross site scripting vulnerability for the Context Module. ...more

Read Full Content
Security

Moderately Critical PDF Generator API Security Advisory

Share

× SHARE

This security update offers solution to moderately critical remote code execution vulnerability for the PDF Generator API module. ...more

Read Full Content
Security

Moderately Critical Tagify Security Update

Share

× SHARE

The Tagify module security update helps deal access bypass as an attacker with the permission "access content" can view and reference unpublished terms. ...more

Read Full Content

Latest

Key Factors for Choosing a Drupal Development Agency

18 July 2025
HIPAA & ISO 27001 Compliance for Enterprise Websites in 2025

18 July 2025
Drupal Domain Module Multi-Site Management Guide

18 July 2025

Follow @thedroptimes