You may have heard about the recent "highly critical" vulnerability in Drupal 7 sites, that was announced on 15th October https://www.drupal.org/SA-CORE-2014-005 and has been widely reported: http://www.bbc.co.uk/news/technology-29846539

It's fairly unusual for a bug as serious as this to be discovered in Drupal, and the initial announcement was followed up on the 29th October with another warning that sites that had not been patched within 7 hours of the initial announcement should be considered "compromised".

We're pleased to update GreenNet members that:

  • All sites using our drupal hosting package were patched immediately on 15th October (we tweeted to let you know!)
  • All sites that we maintain, for example because we built them or have an agreement for support and maintenance, were updated on 15th October within 7 hours of the first announcenent (please contact us if you are unsure about whether your site fits into this category)
  • As a matter of courtesy and good housekeeping, we updated all other Drupal installations that we are aware of on our servers as soon as was practicable, though this may not have been within seven hours of the initial announcement (please contact us if you are unsure about whether your site has been patched).

Please get in touch if you have any concern about your Drupal 7 site.