by David Snopek on May 3, 2017 - 3:10pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Remember Me module.

Remember Me adds a "Remember me" checkbox to the login form.

It had a bug where it would override the session cookie lifetime, regardless of whether the user checked "Remember me" or not. This could affect applications that set the session cookie lifetime to a very short value, like banking websites.

(A note about the timing of this release: The Drupal 7 fix was released on April 23rd, however, we don't have any customers who depend on this module. So, it falls outside of the set of modules that we usually release security patches for on the same day they are released. But this is a module we like, so we decided to port the fix! :-))

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Remember Me module, we recommend you update immediately!

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Want to read more articles like this?

myDropWizard.com blog Subscribe to the myDropWizard.com blog and recieve e-mail updates when new articles are published!

Add comment