Drupal vulnerabilities in BlindElephant - BlackHatUSA2010 - Community.pdf

Question asked by Greg Knaddison on Jul 30, 2010
Latest reply on Aug 5, 2010 by Greg Knaddison

I read your recent report BlindElephant - BlackHatUSA2010 - Community.pdf


In the report you show that all Drupal versions below 6.16 are vulnerable (slide 36 shows this). In fact, Drupal's standard is to support 2 major branches of code; currently those are 5.x and 6.x. Users on Drupal 5.22 or 6.16 or 6.17 are currently on the latest recommended release.


Can you clarify if this was an oversight in the report or whether you are claiming that there are critical vulnerabilities in Drupal 5.22?