|
|
|
|
|
|
by zhte415
4243 days ago
|
|
|
This is terrible. --- We didn't want to disrupt the busy schedule of Drupalcon Attendees attended Drupalcon, a event to engage in discussion of the platform we, the organisers, know currently has a critical vulnerability. We also assume attendees are uninterested in critical vulnerabilities while attending Drupalcon. We assume attendees will be unable to return to their regular roles due to the excitement / insight / general awesomeness / other affairs unrelated to Drupal for a full week after attending out event. Non-attendees implicitly missed out on our fun We have now issued a fix, which is one line of code altering a database query string. Please be noted in our security advisory that you have almost no way to know whether your site was compromised and if it remains compromised. --- It is more than terrible. It is arrogant, negligent and contempt. |
|
|