[consulting] RE : security of CHANGELOG.txt

fgm fgm at osinet.fr
Tue Sep 29 06:22:19 UTC 2009


If you don't keep core up to date, it can be seen as such, but of course the vulnerabilityis not the CHANGELOG per se, but the fact that you are not upgrading.

It's basically complaining about the symptom without caring for the disease.
________________________________________
De : consulting-bounces at drupal.org [consulting-bounces at drupal.org] de la part de Matt Chapman [Matt at NinjitsuWeb.com]
Date d'envoi : lundi 28 septembre 2009 22:21
À : A list for Drupal consultants and Drupal service/hosting providers
Objet : [consulting] security of CHANGELOG.txt

Do others consider it a security risk to leave CHANGELOG.txt web
accessible; i.e., broadcasting what version of Drupal you're running,
for those who know to look?

-Matt



_______________________________________________
consulting mailing list
consulting at drupal.org
http://lists.drupal.org/mailman/listinfo/consulting


More information about the consulting mailing list