Drupal Update Process Flawed By Multiple Bugs

An anonymous reader writes: The Drupal CMS, a favorite with large enterprises, has a few bugs in its update process, affecting both the Drupal core update and its modules. The biggest flaw of the three discovered by IOActive researchers allows an attacker to take over the sites via poisoned updates. What's worse is that Drupal's team had known of this issue since 2012, but only recently reopened discussions on fixing the problem.

Drupal rocks :)

[amoeba47]

As someone who has developed with Drupal for several years, I just want to add a positive perspective to balance the expected usual negative comments here. Drupal is a great CMS and web application framework. Extensible and flexible it can be adapted for many applications. Moreover, the Drupal community is knowledgeable and helpful. Growing from strength to strength with each release, I love working with Drupal. That is all.