Drupal
Security Announcements for November 2008
Thu, 11/27/2008 - 03:32 — Dave KeaysThere is an SQL injection and a CSS (cross-site-scripting) prior to 5.x-1.13 and 6.x-1.0 that could give a user control over an SQL database and user cookies.
SA-2008-070 - COMMENT MAIL
There is a CSRF (cross-site-request-forgery) in Comment Mail for Drupal 5.x prior to 5.x-1.1 that allows end-users to administer permissions and ban IP addresses, deny a comment, or approve one.
problems with roles in Drupal - solved
Tue, 08/05/2008 - 16:55 — Dave KeaysI am having problems with Roles and Permissions. There is a node that can be edited when the user has one role, but not when a role with the same permissions is used.
Drupal security announcements 6-18-2008
Fri, 06/20/2008 - 17:23 — Dave KeaysThere were three Drupal security announcements today (6-18-2008). All of them were either "highly critical" or "critical". All three were third-party modules and the core was not affected by any of them.
