Drupal 6 core security update for SA-CORE-2022-003

by David Snopek on February 16, 2022 - 11:56am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Input Validation vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Cross-Site Scripting - SA-CORE-2021-002

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for Colorbox module

by David Snopek on February 2, 2022 - 2:26pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Colorbox module to fix a Cross Site Scripting (XSS) vulnerability.

The Colorbox module provides a customizable lightbox.

It didn't sufficiently filter user-provided input.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Colorbox module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for jQuery UI module

by David Snopek on January 19, 2022 - 12:32pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the jQuery UI module to fix a Cross Site Scripting (XSS) vulnerability.

The jQuery UI module adds the jQuery UI Javascript library to Drupal.

Note: the 'position' and 'dialog' vulnerabilities (which affected Drupal 7 & 9), don't affect the versions of jQuery UI supported by the D6 module, those being 1.6 and 1.7.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the jQuery UI module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 security update for Wysiwyg module

by David Snopek on January 5, 2022 - 5:44pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Wysiwyg module to fix a Cross Site Scripting (XSS) vulnerability.

The Wysiwyg module provides one way to integrate various WYSIWYG editors into Drupal.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Wysiwyg module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 LTS Until (at least) 2023 - and Thoughts on Drupal 7ES!

by Elliot Christenson on September 1, 2021 - 11:18pm

Drupal 6 just might live forever.

This isn't so much an announcement as it is a reminder: if you know of any sites out there running Drupal 6, they probably want to make sure we keep supporting it!

Drupal 6 Long-Term Support (D6LTS) until at least February, 24th 2023!

Drupal 6 core security update for SA-CORE-2021-002

by David Snopek on April 21, 2021 - 12:25pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Cross-Site Scripting (XSS) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Cross-Site Scripting - SA-CORE-2021-002

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 Long-Term Support Extended to 2023 - and What About Drupal 7?

by Elliot Christenson on February 3, 2021 - 11:55pm

One more year? Sure. Why not!?

When we originally announced that we'd be providing Drupal 6 Long-Term Support, we committed to supporting our customers until at least February 2017.

We've made pretty regular announcements in the past extending things far beyond that original end-date.

Today, we're announcing that we'll be extending our Drupal 6 Long-Term Support (D6LTS) until at least February 2023!

Drupal 6 core security update for SA-CORE-2020-012

by David Snopek on November 18, 2020 - 12:13pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

PHP 7.4 for Drupal 6 Long-Term Support

by Elliot Christenson on November 5, 2020 - 12:33am

This is a bit of an update to our update to PHP 7 that we did awhile back.

Last week we contacted all of our clients to announce our PHP 7.4 upgrade plans.

Much like the update to accomodate PHP 7, this update will necessitate some changes for some of our Drupal 6 clients.

Thankfully the scope of changes seems to be a bit smaller so far.

The important thing to note is that we are continuing to make changes to keep Drupal 6 and important contrib modules current with modern, supported (and secure) versions of PHP!

Read on to find out more!

(Updated for 2020) So, When Do I REALLY Need to Upgrade From Drupal 7 (or 8)?

by Elliot Christenson on September 30, 2020 - 9:04pm

Two years ago, we had a blog post with the same title: So, When Do I REALLY Need to Upgrade From Drupal 7? A lot has changed in the past two years. In the world, of course, but also in Drupal.

Drupal 7 was released on January 5, 2011. It's nearly 10 years old and going strong!
Drupal 8 was released on November 19, 2015 which itself is nearly 5 years old!

Where do our legacy and most used Drupals stand? Read on...

Articles aggregated for consumption on Drupal Planet!