I'm interested: is it necessary to install some security patches after installing version 4.7? How secure is Drupal compared with other CMS?

Comments

styro’s picture

The presence or absence of patches doesn't really have any bearing on how secure something is. A slack security team for a certain project might not release many because they miss lots of problems and conversely an ace security team for a different project might release lots because they look very hard for problems.

4.7 hasn't needed any security patches yet because it is still 4.7.0 and was only released recently. The moment a security patch is released, the latest version will be increased, e.g. 4.7.1.

I am confident that 4.7 is very secure (for a PHP app at least). You might need to be careful with some contrib modules though, and if you use shared web hosting you probably have plenty of other things to worry about anyway.

In the past most Drupal security problems were related to a 3rd party XML-RPC library (bugs in that library affected lots of projects). That library was replaced in Drupal with a much more secure version and as far as I know hasn't given any problems since.

The new 4.7 Forms API seems to have much better validation etc. of user-entered data. So just from that perspective, I would guess that 4.7 will be pretty secure.

--
Anton

ebw’s picture

Until you do so, your question is as meaningful as "how useful is Drupal compared to other CMS?"

signature left on blank check, reward if found