The open source Content Management System (CMS) Drupal has modified its guidelines on fixing security vulnerabilities. The project will now only work on vulnerabilities in the completed code of its modules. Modules that are in release- candidate mode will no longer be supported.
Drupal plans to work with module maintainers whose modules are code complete. The maintainers will also be a given a deadline within which the problem should be resolved. If the deadline is missed, the project and the module will remain unpublished. Vulnerabilities in unfinished code will be flagged in the module’s issue queue.
To read the full story, click here.