This forum is deprecated — view current Drupal core security advisories

SA-CORE-2009-006 - Drupal core - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-006
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-May-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CORE-2009-005 - Drupal core - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-005
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 5.x, Drupal 6.x

New pages and RSS feeds for security announcements

By pwolanin on

Separate Security Announcements by Type

To make the impact of different security advisories and announcements easier to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security
RSS feed for Drupal core: http://drupal.org/security/rss.xml

Contributed project security advisories: http://drupal.org/security/contrib
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml

Public service announcements: http://drupal.org/security/psa
RSS feed for announcements: http://drupal.org/security/psa/rss.xml

We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.

All posts to each of these three forums will still be sent to the one security announcements e-mail list. To subscribe to that e-mail list, once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the Public service announcements page and feed.

SA-CORE-2009-004 - Local file inclusion on Windows

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-004
  • Project: Drupal core
  • Versions: 5.x
  • Date: 2009-February-25
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Local file inclusion on Windows
  • Reference: SA-CORE-2009-003 (6.x)
Categories: Drupal 5.x

SA-CORE-2009-003 - Local file inclusion on Windows

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-003
  • Project: Drupal core
  • Versions: 6.x
  • Date: 2009-February-25
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Local file inclusion on Windows
Categories: Drupal 6.x

SA-CORE-2009-001 Drupal core - Multiple vulnerabilities

By Gábor Hojtsy on
  • Advisory ID: DRUPAL-SA-CORE-2009-001
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2009-January-14
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 5.x, Drupal 6.x

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for Drupal core