[consulting] RE : security of CHANGELOG.txt
fgm
fgm at osinet.fr
Tue Sep 29 06:22:19 UTC 2009
If you don't keep core up to date, it can be seen as such, but of course the vulnerabilityis not the CHANGELOG per se, but the fact that you are not upgrading.
It's basically complaining about the symptom without caring for the disease.
________________________________________
De : consulting-bounces at drupal.org [consulting-bounces at drupal.org] de la part de Matt Chapman [Matt at NinjitsuWeb.com]
Date d'envoi : lundi 28 septembre 2009 22:21
À : A list for Drupal consultants and Drupal service/hosting providers
Objet : [consulting] security of CHANGELOG.txt
Do others consider it a security risk to leave CHANGELOG.txt web
accessible; i.e., broadcasting what version of Drupal you're running,
for those who know to look?
-Matt
_______________________________________________
consulting mailing list
consulting at drupal.org
http://lists.drupal.org/mailman/listinfo/consulting
More information about the consulting
mailing list