Issue 151 - August 14th, 2014
"Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service)."
Dries wants community input for his DrupalCon Amsterdam keynote.
From Our Sponsor
A very cool story about how learning a skill like Drupal development can change lives.
A nice summary of headless Drupal from Pantheon's Josh Koenig with links to talks, projects, and other articles.
Great theming advice from the Stanford Web Services Blog.
Propeople shares how they use Vagrant.
Jeff Geerling has a nice intro to Apache Solr over on the Midwestern Mac blog.
Another nice views tutorial from OSTraining.
A very interesting project that was new to me.
Last week I was honored to be a guest on the Drupalize.me podcast along with Chris Weber and Mike Anello, discussing Drupal news and trends in the community.
Wanna get the word out about your great Drupal job? Get your job in front of hundreds of Drupal job seekers every day at Jobs.Drupal.Org.
Blenderbox, Inc. US