Open source platforms WordPress and Drupal are releasing a security update to both of their systems in tandem today. The patch fixes a vulnerability to denial of service attacks, which means you should update your site — NOW.
Nir Goldshlager, product security team member at Salesforce, discovered the bug in PHP’s XML processing and reached out to security teams at both Drupal and WordPress to let them know. The companies decided to work together to create a patch and executed the fix quickly as a result.
When the vulnerability is exploited, it kills access to your site. Considering that Drupal and WordPress are used by millions of sites, this is a pretty big deal. (WordPress alone makes up around 20 percent of the Internet.)
The XML vulnerability affects WordPress versions 3.5 to the current version and Drupal versions 6.x to 7.x as well as default installations on both systems.
It makes sense that two proponents of open-source platforms and technology would work together and illustrates the capacity for collaboration amongst companies who use open source technology.
For those who want to get the update, check out the WordPress or Drupal announcement. For more details about the attack check out this article by Goldshlager and Christina Warren.