Drupal Security Team | Drupal Security Team guide on Drupal.org

Drupal Security Team | Drupal Security Team guide on Drupal.org
Skip to search
Can we use first and third party cookies and web beacons to
understand our audience, and to tailor promotions you see
Documentation
Advertising sustains the DA. Ads are hidden for members.
Join today
Drupal Security Team
Goals of the security team
Resolve reported security issues in a Security Advisory
Provide assistance for contributed module maintainers in resolving security issues
Provide documentation on how to
write secure code
Provide documentation on
securing your site
Help keep Drupal.org infrastructure secure
How to report a security issue
If you discover or learn about a potential error, weakness, or threat that can compromise the security of Drupal, we ask you to keep it confidential and
submit your concern to the Drupal security team
General information
Security team
CVE assignment
How we assign CVE's
Contacted by the Security Team. Now what?
This page explains a series of steps maintainers need to follow when security issues are reported to the Drupal Security Team
Drupal Steward
Overview of the Drupal Steward program, with subpages answering common questions
Complete the setup process
FAQ
Security Team members
Members of the Drupal Security Team
Security advisory process and permissions policy
What is a Security Advisory?
Security release numbers and release timing
Security release windows are every Wednesday
Security risk calculator
Calculate the potential risk level for a security issue
Security risk levels defined
The following information explains how the criticality levels as a general guideline for determining security risk levels.
Security track record
Composed of a set of respected community volunteers, and one of the first dedicated Security Teams in an open source CMS project, the Drupal
Drupal 6 Long-Term Support
At this point we are no longer accepting new D6 LTS vendors applications
How to join the Drupal Security Team
How to join the Drupal Security team
Security Team procedures
Security Team procedures
Adding new members to the security team
Common tasks for Security Team members
Creating a Drupal core security release
Disclosure of usernames and user IDs is not considered a weakness
Drupal Security Team Disclosure Policy for Security Team Members
Security Team expectations for employers
How to invite a maintainer to participate in the issue
How a security Issue goes from initial report to Security Advisory
Making a public issue for security.drupal.org issues with status "Needs public followup"
Marking a project as unsupported for security reasons
Security issue release process
Security Team chat channels (IRC and Slack)
Security Team member triage duty
Security Team message templates
Security issues on git.drupalcode.org
Becoming primary maintainer of a project that is unsupported for security reasons
Becoming primary maintainer of a project that is unsupported for security reasons
Guide maintainers
Drupal’s online documentation is © 2000-2026 by the individual contributors and can be used in accordance with the
Creative Commons License, Attribution-ShareAlike 2.0
. PHP code is distributed under the
GNU General Public License
Infrastructure management for Drupal.org provided by
Need a Drupal 7 extended support partner? Consider Tag1.
News items
News
Planet Drupal
Social media
Sign up for Drupal news
Security advisories
Jobs
Our community
Community
Services
Training
Hosting
Contributor guide
Groups & meetups
DrupalCon
Code of conduct
Documentation
Documentation
Drupal Guide
Drupal User Guide
Developer docs
API.Drupal.org
Drupal code base
Download & Extend
Drupal core
Modules
Themes
Distributions
Governance of community
About
Web accessibility
Drupal Association
About Drupal.org
Drupal is a
registered trademark
of
Dries Buytaert