by David Snopek on June 22, 2016 - 1:42pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a security release for Secure Password Hashes to fix a security bug.

By default in Drupal 6, all of a user's existing login sessions will be closed and the current session regenerated when a user changes their password. There was a bug in the Secure Password Hashes module that prevented this from happening.

With the help of the D6LTS vendors, a new version was released.

You can also download the patch the patch.

If you have a Drupal 6 site using the Secure Password Hashes module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Want to read more articles like this?

Subscribe

Subscribe to the myDropWizard.com blog and recieve e-mail updates when new articles are published!