IMPORTANT Security Notice
SA-CORE-2014-005 and PSA-2014-003 - Drupal SQL injection vulnerability
On October 15 the Drupal security team issued a security advisory relating to a highly significant vulnerability in Drupal 7. The vulnerability affects ALL Drupal 7.x sites running version 7.31 or earlier. If you have not already upgraded to 7.32 nor applied the available patch to database.inc then it is highly advisable to do so immediately. The security team more recently issued a follow up notice reiterating the importance and urgency of this topic, and advising: "You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement."
Note, the same issue affects any Drupal 6.x sites running the DBTNG module.
Consultancy, development and support
We work with Drupal and other mainstream open-source platforms and components to provide web and mobile technology for business applications.
Built to meet your requirements
Talk to us about business needs in business language. We promise a jargon-free approach.