This project is not covered by Drupal’s security advisory policy.

Created on 19 January 2024, 11 months ago
Updated 5 February 2024, 11 months ago

Problem/Motivation

Module is not opted into security coverage, and shows a "Use at your own risk".

@Engineer_UA, can you opt in? I don't have edit access to this module.

A security advisory is a public announcement managed by the Drupal Security Team which informs site owners about a reported security problem in Drupal core or a contributed project and the steps site owners should take to address it. (Usually this involves updating to a new release of the code that fixes the security problem.) The problem is kept secret until the advisory is ready to be released, at which point it is publicized widely so that site owners can address it quickly.

For examples, look through past security advisories for Drupal core and contributed projects.

Occasionally, the security team may issue a public service announcement on a Monday before a Wednesday security release, notifying users that a specific release is upcoming. This can be done for highly critical or critical issues which we feel might be easily turned into automated attacks.
Which Projects are Covered?

Covered contributed projects have a grey shield icon and “Stable releases for this project are covered by the security advisory policy.” note on their project page.

Screenshot of “Stable releases for this project are covered by the security advisory policy”

Project maintainers may opt into security advisory coverage when they meet the requirements:

  • A maintainer with “write to VCS access” has applied to have the "vetted" role, and received it.
  • The project is a full project, not sandbox projects.
  • There are no known security issues, open issues tagged “security” for the project.
  • New project

s must wait 10 days before opting in.

If all the requirements are met, the maintainer can edit their project to opt into coverage. This policy changed in March 2017, all projects created before then are opted into security advisory coverage.

In rare cases, the Drupal Security Team can make exceptions. For example, shortening the 10 day waiting period if a project’s codebase is copied from a covered project.

📌 Task
Status

Fixed

Version

1.0

Component

Miscellaneous

Created by

🇨🇦Canada sagesolutions

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024