Pending Security Fixes

dschafer's picture

I would like to know if there are any pending XSS security fix releases. I don't need to know the specifics of core or modules.

I'm guessing the answer is "we can't say" but I'll give it a shot.

Comments

greggles's picture

The security team encourages site owners to report hacked sites to us so we can be aware of trends. If we suspect that an issue in our private queue is being exploited our policy is:

  1. We will do what we can to accelerate work on that issue.
  2. If there is no work on the issue we may just make the information all public so the issue can be addressed by the community of users of that module.

After 11 years on the team I'm not really sure of any cases where the issue was being exploited before the Security Advisory was published and a patch was available.

If you think you know of a site that has been hacked, please provide details to the Security Team so we can understand the situation and look for any indicators of a vulnerability that needs to be fixed in code on drupal.org.

Contact Info

dschafer's picture

Hi,
There definitely appears to be an exposure. What's the best way to communicate what I've discovered?

Thanks
Dave

cspitzlay's picture

Here's a description: https://www.drupal.org/node/101494

HTH

Edit: Haha, that's the same link that greggles had already mentioned.
