I released a first version of my Drupal security.module yesterday. The module is sort of an intrusion detection system for Drupal sites. It helps the site admin to check and ensure the security of his Drupal installation. Read my original announcement for more details.
The code is in ALPHA stage, so don't expect everything to work yet.
Lots of good news for the Drupal project:
The future looks bright...
To be able to do this, they need a new server (free rack space and bandwidth are provided by OSL) for which they are seeking donations now.
It's also planned to create a non-profit organization which will hold the funds, so the donations will be tax-deductible...
As most of you probably noticed, the design and structure of my homepage and my blog changed quite a bit a few days ago.
That was me upgrading to Drupal 4.6.1, which makes my life a lot easier, has a bunch of new features (e.g. my blog now has del.icio.us-like tags) and bugfixes, and most importantly fixes a serious security issue.
Two days ago I tried to help a bit with the new Drupal 4.6.2 release, which mainly fixes two major security problems. The first one is an issue with incorrect input validation, resulting in the DRUPAL-SA-2005-002 security advisory. The second one fixes a problem in the XML-RPC library shipped with Drupal (and WordPress, and PostNuke, and...), resulting in DRUPAL-SA-2005-003.
It was quite a fun experience for me: the release was coordinated and discussed on IRC, and we had lots of peer review of the advisories and release announcement, testing of the patches, etc. Thanks to all who participated and made this such a great experience.