Developer Portal - 17.01 Security Issue - Drupal core - SQL injection

asurajpai
Participant V

Hi,

There is a Highly Critical issue identified by a customer's internal scan on Developer Portal version 4.17.01, which downloads Drupal version 7.53, which is vulnerable to "Blind SQL Injection Vulnerability".

The details of this security issue can be found on the site: https://www.drupal.org/SA-CORE-2014-005

1) Please let us know the detailed steps on how to update to a Drupal version where the above issue is fixed.

2) Please let us know your recommendations for applying a patch, if available from Drupal, on top of 7.53, if customers are not able to update.

Do let us know the steps to update the patch on the current installation.

3) Please let us know if the above issue has been taken into consideration in the latest Developer Portal release, 4.17.05.

BR, Suraj

1 REPLY

According to the drupal.org website security page listed above, this SQL injection issue only affects version 7.31 and earlier:

Versions affected

  • Drupal core 7.x versions prior to 7.32.

Developer Portal Version 4.17.01 ships with 7.53, which is many versions later. If you would like to upgrade to a later version of Drupal, 4.17.05 ships with 7.54.