The 1.2 release improves the file permissions check, adds checks for the PHP filter and for passwords in email, and corrects minor bugs. It also fixes an issue with symlinked directories.
The check system has been split into a separate file. If you've implemented hook_security_checks(), consult API.txt for compatibility.
Issue #1227580 by coltrane: Added API.txt.
Fixes to drush command to support stored skips. Minor text cleanups.
Issue #1343958 by coltrane Drush file permissions check always passes
Issue #1153486 by coltrane suppress warning failed to open stream
Issue #1355192 by coltrane and greggles: flv file type is allowed
Fix for check skips not working correctly
Issue #1339004 by coltrane: Turn into focused check system
Issue #1322554 by opoplawski: Fixed File permissions check follows subdir
Issue #1228748 by coltrane: Added New security check PHP filter for anonymous
Issue #1281968 by coltrane: Fixed file extension check 404
Issue #1153486 by greggles: Added Attempt to create file for system file permissions check
Issue #1147250 by BrockBoland - Don't send passwords in email
Release 1.1 of the Security Review module for Drupal 6. It is recommended that all 1.0 users upgrade to this release for new features and bug fixes. This release includes several new checks and better processing of the checklist.
To upgrade, disable and uninstall your existing Security Review module, taking care to record which checks you have skipped, if any, and which roles you have marked as untrusted. Once it is uninstalled, copy over the new module's files and enable the module.
* Issue #746400 Add administer nodes permission check
* Feature #725902 by coltrane: Give warnings about Views without any access control
* Issue #993942 by coltrane and greggles: Check Filefield extensions
* Issue #755766 by coltrane Better handling of time outs
* Issue #830970 by greggles and coltrane: Test password strength by comparing password to username
* Issue #1087116 by greggles and coltrane: Check dblog module is enabled before providing SQL checks
* Issue #755766 by coltrane: Provide batch processing.
* Updated unsafe tags to include video and audio
* Expanded drush integration
* Drush support for rainbow table password check
* Allow for help when Security Review defines checks on behalf of other modules.
* Issue #989314 by coltrane: Fixed Subsite installation: 'Run checklist' timeout, opendir fails.
Drupal 7 compatible development release of the Security Review module.
Run update.php on your site after upgrading to Drupal 7.
A 1.0 release of Security Review can be expected in the first half of 2011.
1.0 release of Security Review. Security Review automates checking many of the configuration errors that lead to an insecure Drupal site.
Includes the following checks:
- File system permissions
- Input formats
- Dangerous tags in nodes and comments
- Error reporting
- Private files
- Upload extensions
- Query errors
- Failed logins
- Drupal permissions
Development release of the Security Review module.
It is not recommended that you use this development release on production systems.