So what reaction to Drupal declaring critical vulnerability?

Antispam module for Drupal
bradtem
Posts: 2
Joined: 23 Jan 2019, 20:36
Has thanked: 0
Been thanked: 0

So what reaction to Drupal declaring critical vulnerability?

Unread post by bradtem » 23 Jan 2019, 20:38

I was a bit surprised to see nothing on the site here after Drupal declared that cleantalk has a critical vulnerability that the company has declined to fix.

What is the nature of the problem? If a fix is needed, when will it be ready? If a fix is not needed, why did the Drupal team de-support the module?

alexandergull
Posts: 2
Joined: 24 Jan 2019, 20:16
Has thanked: 0
Been thanked: 1 time

Re: So what reaction to Drupal declaring critical vulnerability?

Unread post by alexandergull » 24 Jan 2019, 20:18

Hello.
Thank you for your request.
Please, do not worry. We know about this issue and already working hard to find a solution.
We will fix it in 24 hours.
Feel free to ask us again.
Best regards,

bradtem
Posts: 2
Joined: 23 Jan 2019, 20:36
Has thanked: 0
Been thanked: 0

Re: So what reaction to Drupal declaring critical vulnerability?

Unread post by bradtem » 25 Jan 2019, 20:16

Just to clarify, the statement by the Drupal team seems to imply that this is an older vulnerability that they gave Cleantalk some time to fix, and they are deprecating the module because it is not fixed. Is that true, or does the Drupal team deprecate a module with a bug when only giving you a day or two to fix it?

User avatar
SergeM
Posts: 125
Joined: 27 May 2016, 08:05
Has thanked: 11 times
Been thanked: 8 times
Contact:

Re: So what reaction to Drupal declaring critical vulnerability?

Unread post by SergeM » 26 Jan 2019, 06:07

The Drupal Team says that the issue is in the option "SpamFireWall". We have fixed that and send the new archive to the Drupal Team for approval.

While they are approving it, please, disable the option:
Drupal Admin Page —> Modules —> OTHER category —> Anti-Spam by CleanTalk (Configure) —> disable "SpamFireWall"

You will be informed by our auto-mailing system about the new version of the CleanTalk module.

Your CleanTalk Control Panel: [ https://cleantalk.org/my/ ].

Kind regards.
———————
Technical Support
https://CleanTalk.org — Anti-Spam Modules for all CMS

Post Reply