Marking a project as unsupported for security reasons
Last updated on
24 April 2022
If a project maintainer is not responsive to fixing an issue after multiple attempts to contact them via e-mail, IRC, Skype, and/or phone, then we may need to "unsupport" a project.
When we unsupport a project there are several steps to take:
- If the module meets general requirements for an SA then it should get an SA following the normal process.
- Edit the project node, go to the releases tab and mark the insecure releases/branches as unsupported and uncheck “Supported.”
- Edit the project node to be "Full HTML" input format and add a warning like the text below.
- Change the author of the project to the Unsupported Projects user.
- Remove the maintainers from the module
<div class="error"> This module is unsupported due to a security issue the maintainer didn’t fix. If you want to use this module, your options are: <ul> <li>Choose another, actively maintained module instead</li> <li>Following the <a href="https://www.drupal.org/node/251466">unsupported project process</a>.</li> <li>Hire someone to fix the security bug so the module can be re-published and supported (Consider hiring companies listed in the <a href="https://www.drupal.org/drupal-services/Security-reviews">Marketplace</a>)</li> </ul> </div>
Make sure to fill in the X's above with the URL and the SA title of the SA
Help improve this page
Page status: No known problems
You can:
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion