Security-related announcements, such as information on best practices. These posts by the Drupal security team are also sent to the security announcements e-mail list.

PSA-2014-001 - Media - Access Bypass

  • Advisory ID: PSA-2014-001
  • Project: Media (third-party module)
  • Version: 7.x
  • Date: 2014-01-08
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

PSA-2013-002: Direct download links available even during Drupal.org upgrade window

This is a short addition to the security announcements released on October 30th.

Due to Drupal.org's scheduled downtime on October 31, not all links in those mails may be available when you need them.

If you encounter this situation, please use the following direct URLs to the archives containing the updates.

PSA-2013-001: Drupal core - Users can insert hidden text and links

  • Advisory ID: PSA-2013-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2013-September-04
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

DRUPAL-PSA-2012-001 - localizations - Cross Site Scripting

  • Advisory ID: DRUPAL-PSA-2012-001
  • Version: 6.x, 7.x
  • Date: 2012-March-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

PSA-2012-001 - Hash DOS attack prevention with Suhosin needs a .htaccess edit

  • Advisory ID: DRUPAL-PSA-2012-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2012-01-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Denial of Service

PSA-2011-002 - External libraries and plugins

  • Advisory ID: PSA-2011-002
  • Date: 2011-June-15
  • Project: External libraries and plugins

PSA-2011-001 - "Drupal security update" social engineering

  • Advisory ID: PSA-2011-001
  • Project: Drupal core and contrib
  • Versions: All versions
  • Date: 2011-February-17
  • Security risk: Not critical

PSA-2010-002 - Views - Administer views permission

  • Advisory ID: PSA-2010-002
  • Project: Views (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2010-June-16
  • Security risk: Not critical

PSA-2010-001: Policy on release versions and permissions

  • Advisory ID: PSA-2010-001
  • Project: Drupal core and contrib
  • Versions: 5.x and 6.x and above
  • Date: 2010-May-13
  • Security risk: None

SA-CORE-2009-002 Drupal core - Administer content types permission

  • Advisory ID: DRUPAL-SA-CORE-2009-002
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2009-February-11
  • Security risk: None
