Hi,
There is a Highly Critical issue identified by a customer's internal scan on Developer Portal version 4.17.01, which downloads Drupal version 7.53, which is vulnerable to "Blind SQL Injection Vulnerability".
The details on this security issue can be found at: https://www.drupal.org/SA-CORE-2014-005
1) Please let us know the detailed steps on how to update to a Drupal version where the above issue is fixed.
2) Please let us know your recommendations for applying a patch, if available from Drupal, on top of 7.53, if customers are not able to update.
Do let us know the steps to update the patch on the current installation.
3) Please let us know if the above issue has been taken into consideration in the latest Developer Portal release, 4.17.05.
BR, Suraj
Answer by rod · Aug 08, 2017 at 02:14 PM
According to the drupal.org website security page listed above, this SQL injection issue only affects version 7.31 and earlier:
Developer Portal Version 4.17.01 ships with 7.53, which is many versions later. If you would like to upgrade to a later version of Drupal, 4.17.05 ships with 7.54.