Drupal Security Advisories
The Search Autocomplete module enables you to autocomplete a textfield using data from your website (nodes, comments, etc.).
The module doesn't sufficiently filter user-entered text among the autocompletion items...
The HTML Mail module lets you theme your messages the same way you theme the rest of your website.
When sending email, some variables were not being sanitized for shell arguments, which could lead to remote code execution.
This issue is related to the Drupal Core release...
The MIME Mail module allows sending MIME-encoded e-mail messages with embedded images and attachments.
The module doesn't sufficiently sanitize some variables for shell arguments when sending email, which could lead to arbitrary remote code execution.
This issue is related to...
This article features links and information from the Peerless design Security presentation given at various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available as a white paper here.
Drupal Weekly Drop
With the Drupalgeddon2 "trauma" still “haunting” us all — both Drupal developers and Drupal end-users — we've convinced ourselves that prevention is, indeed, (way) better than recovery. And, after we've put together, here...
Drupal 8 will actively complain when your site does not have a hash_salt configured, which usually gets generated when installing the site. (The complaint, mind you, might be fairly obscure; your site might just say "The website encountered an unexpected error. Please try again later." Depending on your error reporting settings, the message might be a bit more helpful). If, for example, you "install" a site by copying over a database and files, you will not have this.