Drupal4libcamp
February 27, 2009, Darien Public Library, Darien, CT
Two-sided coin
I'm amazed at and grateful for everything that Drupal does for a website maintainer, but I find that keeping up with security patches is one of the downsides to using Drupal (the other is juggling the various module dependencies). I would imagine that these two 'problems' apply to any open source app that has a large and active user base, however.
Roy, are you on the Drupal security bulletin email list (http://drupal.org/security)? The security team is excellent, but it is unfortunate that so many XSS and SQL injection bugs get into the code.