new security announcements/feeds for Drupal

decibel.places's picture

He has: 1,494 posts

Joined: Jun 2008

I subscribe to the Drupal security list - in general the announcements are concerning contrib modules, not core, and the best advice is to make sure your code for core and all contrib modules is the latest release...

-------- SEPARATE SECURITY ANNOUNCEMENTS BY TYPE -----------------------------

To make the impact of different security advisories and announcements easier
to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security [1]
RSS feed for Drupal core: http://drupal.org/security/rss.xml [2]

Contributed project security advisories: http://drupal.org/security/contrib
[3]
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml
[4]

Public service announcements: http://drupal.org/security/psa [5]
RSS feed for announcements: http://drupal.org/security/psa/rss.xml [6]

/We encourage those using RSS readers to track security-related developments
to subscribe to all three of these feeds./

All posts to each of these three forums will still be sent to the one
security announcements e-mail list. To subscribe to that e-mail list, once
logged in, go to your user profile page and subscribe to the security
newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the /Public
service announcements/ page and feed.

-------- BACKGROUND ON THE CHANGES -------------------------------------------

At Drupalcon in Washington, D.C. earlier this month, members of the Security
team held a "Birds of a Feather" session to discusses various topics
including improvements to our process of communicating with the public.

One outcome of this meeting was that we decided to more clearly differentiate
among security advisories for Drupal core (which affect all users) as opposed
to security advisories for contributed projects (which are often used by only
tens of sites). In addition, the security team has on occasion issued
announcements (such as this one), which were previously mixed in with actual
security advisories.

Since the Drupal 6.x upgrade of http://drupal.org [7], newsletter postings
have been managed using forums. The security team has thus split
security-related postings among three forums under
http://drupal.org/forum/1188 [8].

All past and new advisories and announcements and their feeds can be viewed
(via tabs) on http://drupal.org/security [9].

-------- CONTACT -------------------------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact [10].

[1] http://drupal.org/security
[2] http://drupal.org/security/rss.xml
[3] http://drupal.org/security/contrib
[4] http://drupal.org/security/contrib/rss.xml
[5] http://drupal.org/security/psa
[6] http://drupal.org/security/psa/rss.xml
[7] http://drupal.org
[8] http://drupal.org/forum/1188
[9] http://drupal.org/security
[10] http://drupal.org/contact
_______________________________________________
Security-news mailing list
[email protected]
http://lists.drupal.org/listinfo/security-news