Posted by direct2 on November 4, 2014 at 5:18pm
Hi
With reference to the 15th October security alert. https://www.drupal.org/PSA-2014-003
Does anyone know how this affects Open Atrium installations and how quickly did the download packages get patched?
Having downloaded openatrium-7.x-2.23-core on the 30th of October I am hoping that the install package has already been patched.
Can anyone confirm this so I don't need to delete my development and start again.
Thanks
Alistair
Comments
There was 7.x-2.22 on the
There was 7.x-2.22 on the 15th, and I would consider a site not updated on the 15th compromised.
https://www.drupal.org/projec
https://www.drupal.org/project/drupalgeddon
https://www.drupal.org/files/project-images/How%20to%20recover%20from%20...
Agreed, the 7.x-2.22 release
Agreed, the 7.x-2.22 release fixed the security issue. If you did not update, or apply the patch (https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch) directly to Drupal core then your site might be compromised if your intranet was available over the public internet.
(Local or other development environments that have no connection to the public internet are unlikely to have been affected).
Open Atrium is still 'Drupal' so it is affected by all security issues that affect Drupal. The Open Atrium team was very fast to release a new version with the updated Drupal core, so kudos to them for that.