Drupal is a modular content management system, forum, blogging and community engine. It is database driven and can be used with MySQL, MariaDB, PostgreSQL, and SQLite. Its features include (but are not limited to) discussion forums, Web-based administration, theme support, a submission queue, content rating, content versioning, taxonomy support, user management with a fine-grained permission system based on user roles (groups), error logging, support for content syndication, locale support, and much more. It is considered to be an excellent platform for developers due to its clean code and extensibility, and it can also be used as a Web application framework.
| Tags | Internet, Web, Dynamic Content, Site Management, Communications, Software Development, Libraries, Application Frameworks |
| Operating Systems | OS Independent |
Drupal.org runs on Drupal 7! This was a big and complicated project, which took longer than we expected.
Our goal was a straight port to Drupal ...
Release Notes: When pages are cached for anonymous users (either by Drupal or by an external system), the form state may leak between anonymous users. As a consequence, there is a chance that interim form input recorded for one anonymous user (which may include sensitive or private information, depending on the nature of the form) will be disclosed to other users interacting with the same form at the same time. This especially affects multi-step Ajax forms because the window of opportunity (i.e., the time span between user input and final form submission) is indeterminable. This release fixes the leak.
Release Notes: This release fixes multiple vulnerabilities: optimistic cross-site request forgery protection in the Form API validation; weak pseudorandom number generation using mt_rand(), which affected the Form API, OpenID, and random password generation; code execution prevention using the files directory .htaccess for Apache; access bypass in security token validation; cross-site scripting in the image and color modules; and an open redirect in the overlay module.
Release Notes: This release fixes multiple vulnerabilities due to optimistic cross-site request forgery protection, multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand(), code execution prevention, and access bypassing. Fixing the code execution prevention vulnerability on existing Apache installations also requires changes to your site's .htaccess files in the files directories.
Release Notes: Resolves a vulnerability that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. An arbitrary PHP code execution vulnerability was also fixed in the file upload module.
Release Notes: Resolves security issues with an access bypass in the user and upload modules as well as arbitrary PHP code execution in the file upload module.