Drupal 8.0.0-rc1 released

We now present the first release candidate for Drupal 8.0.0! Drupal 8 includes a tremendous number of new features and improvements for both users and developers. We revamped Drupal’s user interface; added WYSIWYG and in-place editing; significantly improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; improved multilingual support; and added hundreds of other improvements.

visit Drupal

Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003

This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection.

visit Drupal

SA-CORE-2014-004 – Drupal core – Denial of service

Description Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site’s database to reach the maximum number of open connections.

visit Drupal

Blog at WordPress.com.

Up ↑

%d bloggers like this: