How the "official" Drupal 6 Long-Term Support will work!

by David Snopek on January 26, 2016 - 7:51am

As you may know, Drupal 6 will reach End-Of-Life (EOL) on February 24th, 2016. This means the Drupal community (including the Security Team) will no longer support Drupal 6!

However, a small group of commercial vendors will collaborate with the Drupal Security Team to take on Long-Term Support of Drupal 6! And myDropWizard is one of those Drupal 6 long-term support vendors. :-)

In this article, we'll answer the following questions:

  • What specifically will happen on February 24th?
  • What is the official Drupal 6 LTS?
  • How will the process work?
  • What will customers need to pay for?

Read more for the answers!

Drupal 6 Long-Term Support ... for after official support ends!

by Elliot Christenson on November 12, 2015 - 8:19pm

In case you haven't heard, the Drupal project is discontinuing "official support" for Drupal 6!

Typically, only two major versions of Drupal are supported at once: the latest version, and the previous one. Right now, that means Drupal 7 and 6 are supported.

But when Drupal 8 is released on November 19th, 2015, Drupal 6 will only be officially supported for an additional 3 months (until February 24th, 2016).

Of course, you'll need to update to Drupal 7 or 8 eventually!

But what if 3 months isn't enough time for you to upgrade?

We're happy to announce Long-Term Support (LTS) for Drupal 6, in order to keep your site going long after the end of official support!

Read more to learn what the end of official support means, and the details of our Drupal 6 LTS.

Understanding Drupal Security Advisories: Vulnerability type

by David Snopek on October 5, 2015 - 9:09am

Every Wednesday, the Drupal Security Team publishes "Security Advisories" (or SA's) to tell users about security vulnerabilities in Drupal core and contrib modules, with advice on how to solve the issue so that their site is secure.

This is the second in a series of articles about how to better understand all the information in a security advisory, so that you know how to take the appropriate action for your site!

There are several different types of security vulnerabilities, each with a cryptic (and highly technical) name like Cross Site Scripting (XSS) or SQL Injection.

There are plenty of technical articles on the internet explaining what those mean from a coder's perspective, including how to prevent them (by writing better code) or even how to exploit them.

But what do they mean for you, the site builder or site owner?

The most important question for you is: If an attacker exploits your site with a particular vulnerability, what will they be able to do to your site or users?

Of course, you should take action on any security advisory that affects your site as soon as possible (or hire someone else to do it). But what could happen if you didn't?

Some vulnerabilities would allow an attacker to completely take control over your site, whereas others would only allow them to access some non-public data. How can you tell which are which?

Read more to learn how the different vulnerability types could impact your site or users!

Understanding Drupal Security Advisories: The Risk Calculator

by David Snopek on September 15, 2015 - 9:06am

Every Wednesday, the Drupal Security Team publishes "Security Advisories" (or SA's) to tell users about security vulnerabilities in Drupal core and contrib modules, with advice on how to solve the issue so that their site is secure.

This is the first in a series of articles about how to better understand all the information in a security advisory, so that you know how to take the appropriate action for your site!

Not all security vulnerabilities are equal!

Some are highly critical and require immediate action (like SA-CORE-2014-005, aka Drupalgeddon, was) or your site could be irreparably damaged and you'll have to restore from backups.

And while you should take action on any security advisory that affects your site as soon as possible (or hire someone else to do it), some security vulnerabilities present less risk, so you might choose to delay updating and focus on more important things in your business or personal life.

But how do you make that decision?

All security advisories come with a "Security risk" that is generated by the Risk Calculator, which is where the labels like "Less Critical" or "Highly critical" come from.

However, those labels aren't very instructive because they don't really tell you what you're at risk of. 

Each security advisory also includes the full set of values provided to the Risk Calculator - which contain a wealth of information about the vulnerability - you just need to know how to decode and understand it.

That's what this article is about!

Read more to learn how to understand the Risk Calculator used in Drupal Security Advisories!

Articles aggregated for consumption on Drupal Planet!
