[support] security and upgrading Re: Drupal 5-13 - warning: Wrong parameter count for session_set_cookie_params() in session.inc on line 102.

On Thu, 11 Dec 2008 09:05:15 -0500 "Shai Gluskin" shai@content2zero.com wrote:

I always wait 48 hours before installing a new version of core.

I just read people are still using Drupal 5.X where X<10 and I was wondering why being drupal so popular they don't get pwned by bots.

I'll have to look at previous sec advisories and build up some signatures to see if anyone is actually targeting Drupal with bots.

I generally upgrade ASAP.

I find a bit annoying (but maybe someone can suggest how to overcome this) that the packaging system modify a lot of files just to add version info, so that it is a bit annoying to examine the diff.