General information
Security team
CVE assignment
How we assign CVE's
Contacted by the security team. Now what?
This page explains a series of steps maintainers need to follow when security issues are reported to the Drupal Security Team
Drupal 7 Extended Support Program
Drupal 7 Extended Support program will not be provided after EOL
Drupal Steward
Overview of the Drupal Steward program, with subpages answering common questions
Security advisory process and permissions policy
What is a Security Advisory?
Security release numbers and release timing
Security release windows are every Wednesday
Security risk levels defined
The following information explains how the criticality levels as a general guideline for determining security risk levels.
Security track record
Composed of a set of respected community volunteers, and one of the first dedicated Security Teams in an open source CMS project, the Drupal
Drupal 6 Long Term Support
At this point we are no longer accepting new D6 LTS vendors applications
How to Join the Drupal Security Team
How to Join the Drupal Security team
Security Team procedures
Security Team procedures
- Common tasks for Security Team members
- Creating a Drupal core security release
- Disclosure of usernames and user IDs is not considered a weakness
- Drupal Security Team Disclosure Policy for Security Team Members
- Security Team expectations for employers
- How to invite a maintainer to participate in the issue
- How a security Issue goes from initial report to Security Advisory
- Making a public issue for security.drupal.org issues with status "Needs public followup"
- Marking a project as unsupported for security reasons
- Security issue release process
- Security Team chat channels (IRC and Slack)
- Security Team member triage duty
- Security Team message templates
- Security Team procedures
Becoming primary maintainer of a project that is unsupported for security reasons
Becoming primary maintainer of a project that is unsupported for security reasons