|
|
|
|
|
|
by TacticalMalice
4263 days ago
|
|
|
> now suddenly put thousands of installations at risk There's a solution that goes with the advisory. You cannot provide a patch without putting sites at risk. Furthermore, the vulnerability was present since the Drupal 7.0 release, several years ago. There were no exploits seen in the wild. What are a few weeks then? The team decided that speed to patch sites asap _after_ release of the information was critical. This is the reason why it was released after a pre-announcement and after a conference tying up most stakeholders. |
|
|