Drupal Security Team's Avatar

Drupal Security Team

@drupalsecurity.bsky.social

Automatically post Drupal Security Advisories & related news. Follow Drupal Security Team. @gknaddison.bsky.social to get RT. DM & mentions not monitored. https://drupal.org/node/101494

709 Followers  |  2 Following  |  152 Posts  |  Joined: 20.09.2023  |  2.0355

Latest posts by drupalsecurity.bsky.social on Bluesky

Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 Read post

04.02.2026 17:49 — 👍 0    🔁 0    💬 0    📌 0

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007 Read post

28.01.2026 17:36 — 👍 1    🔁 0    💬 0    📌 0

Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006 Read post

28.01.2026 17:36 — 👍 1    🔁 0    💬 0    📌 0
Drupal 25th Anniversary Timeline | Drupal 25th Anniversary Timeline Celebrating 25 years of Drupal - A timeline of innovation and community

Happy 25th anniversary to Drupal. I build it w/ many of you & loved every minute. In honor, I present weitzman.github.io/drupal25-tim...

@klau.si @gknaddison.bsky.social @walkah.social @ksenzee.bsky.social @outlandishjosh.bsky.social @webchick.bsky.social @quicksketch.org @merlinofchaos.bsky.social

15.01.2026 13:34 — 👍 16    🔁 6    💬 1    📌 1

Happy anniversary! From the timeline on August 1, 2005:

Drupal security team is formed

This volunteer team is first led by chx. The team dutifully protects Drupal core and all the contrib modules that opt into its coverage. Future leaders would be Heine, greggles, and mlhess.

15.01.2026 14:52 — 👍 5    🔁 1    💬 0    📌 1

Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005 Read post

14.01.2026 18:15 — 👍 0    🔁 0    💬 0    📌 0

AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004 Read post

14.01.2026 18:00 — 👍 0    🔁 0    💬 0    📌 0

AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003 Read post

14.01.2026 18:00 — 👍 0    🔁 0    💬 0    📌 0

Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002 Read post

14.01.2026 18:00 — 👍 0    🔁 0    💬 0    📌 0

Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001 Read post

14.01.2026 18:00 — 👍 0    🔁 0    💬 0    📌 0

HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126 Read post

17.12.2025 18:14 — 👍 0    🔁 0    💬 0    📌 0

Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125 Read post

10.12.2025 17:55 — 👍 1    🔁 0    💬 0    📌 0

Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Next.js - Critical - Access bypass - SA-CONTRIB-2025-122 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117 Read post

03.12.2025 18:50 — 👍 0    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 Read post

13.11.2025 18:48 — 👍 0    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 Read post

13.11.2025 01:03 — 👍 1    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 Read post

13.11.2025 00:17 — 👍 0    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 Read post

13.11.2025 00:17 — 👍 0    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 Read post

13.11.2025 00:17 — 👍 0    🔁 0    💬 0    📌 0

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 Read post

13.11.2025 00:17 — 👍 0    🔁 0    💬 0    📌 0

Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116 Read post

05.11.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0

Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115 Read post

05.11.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0

Normal Drupal core security window rescheduled for November 12, 2025 due to DrupalCon - PSA-2025-11-03 Read post

03.11.2025 15:44 — 👍 0    🔁 0    💬 0    📌 0

Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114 Read post

29.10.2025 17:08 — 👍 0    🔁 0    💬 0    📌 0

@drupalsecurity is following 2 prominent accounts