Drupal 6 core security update for SA-CORE-2022-003

by David Snopek on February 16, 2022 - 11:56am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Input Validation vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Cross-Site Scripting - SA-CORE-2021-002

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for Colorbox module

by David Snopek on February 2, 2022 - 2:26pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Colorbox module to fix a Cross Site Scripting (XSS) vulnerability.

The Colorbox module provides a customizable lightbox.

It didn't sufficiently filter user-provided input.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Colorbox module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for jQuery UI module

by David Snopek on January 19, 2022 - 12:32pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the jQuery UI module to fix a Cross Site Scripting (XSS) vulnerability.

The jQuery UI module adds the jQuery UI Javascript library to Drupal.

Note: the 'position' and 'dialog' vulnerabilities (which affected Drupal 7 & 9), don't affect the versions of jQuery UI supported by the D6 module, those being 1.6 and 1.7.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the jQuery UI module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for Wysiwyg module

by David Snopek on January 5, 2022 - 5:44pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Wysiwyg module to fix a Cross Site Scripting (XSS) vulnerability.

The Wysiwyg module provides one way to integrate various WYSIWYG editors into Drupal.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Wysiwyg module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

myDropWizard is closing down

by David Snopek on November 22, 2021 - 10:17am

Today, I have the unenviable task of announcing some bad news:

myDropWizard is closing down, with our final day of normal operation on February 25th, 2022.

This isn't our ideal outcome - until very recently we were working hard to prepare for the upcoming Drupal 7 End-of-Life (EOL) and were on the verge of publicly announcing the details of our D7ES plans. In fact, we had already started sharing those details privately with potential customers, and had most of the marketing materials ready to go.

However, in the sprit of Thanksgiving which is coming up later this week in the USA, there is much in the 6-year history of myDropWizard that I have to be thankful for:

  • The opportunity to collaborate with many wonderful, talented and passionate people over the years (especially my co-founder Elliot Christenson)
  • The support of our customers, which has given us the resources to do the important (but unglamorous) work we felt needed to be done
  • The goodwill of the Drupal community in supporting and contributing to our efforts (especially all the folks who posted D6LTS issues and patches)

Read on for more details about what this means for D6LTS and our customers.

When Should I Sign-Up for Drupal 7 Security Support?

by Elliot Christenson on October 5, 2021 - 9:22pm

We get asked a bunch of questions pretty much every day now. "Drupal 7 EOL is coming at the end of 2022. Are you going to support it? For how long? What do I need to do?"

Drupal 6 LTS Until (at least) 2023 - and Thoughts on Drupal 7ES!

by Elliot Christenson on September 1, 2021 - 11:18pm

Drupal 6 just might live forever.

This isn't so much an announcement as it is a reminder: if you know of any sites out there running Drupal 6, they probably want to make sure we keep supporting it!

Drupal 6 Long-Term Support (D6LTS) until at least February, 24th 2023!

Why Did We Take Drupal 8 Support Off Our Website?!

by Elliot Christenson on August 5, 2021 - 12:41am

It's August 4th, 2021, and we (finally?) took off Drupal 8 Support! This may come as a surprise to anyone who knows myDropWizard as the place to go for long-term support of old Drupal versions.  This remains true for Drupal 7 (and even 6), but as Drupal 8 is set to soon lose official community support, we've decided to do the same.

Drupal 7 and Drupal 8 End of Life (EOL)

by Elliot Christenson on June 2, 2021 - 8:41pm

What Does Drupal “End of Life” (EOL) Even Mean?

In the Drupal world, when a version reaches EOL status, the community comes to a consensus to not issue new free updates or offer free support for that version. The intention is to allow community resources to get focused on new versions. This means new features aren't added, modern standards don't get implemented, and bugs don't get fixed for the older versions. Drupal 6 is currently in this EOL status. Thousands of these D6 sites require Long Term Support from a vendor like myDropWizard or extreme vigilance by their owners.

Drupal 6 core security update for SA-CORE-2021-002

by David Snopek on April 21, 2021 - 12:25pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Cross-Site Scripting (XSS) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Cross-Site Scripting - SA-CORE-2021-002

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Subscribe to Blog on Drupal 7-8 Support and Maintenance + Drupal 6 Long-Term Support: myDropWizard

We're a Top 40 Drupal Blog!