We help you to keep everyone safe.
The Backdrop Security team consists of trusted members of the backdrop-contrib group who have security experience.
Our mission includes:
- to take the burden of project maintainership off of single individuals, and making it a responsibility of the community to step in when needed
- to improve the overall security of contributed projects by having multiple people capable of keeping everything up to date
Our responsibilities include:
- Coordinating security releases for both core and contrib:
- Reviewing and/or creating fixes for vulnerabilities.
- Drafting and/or reviewing Security Advisories.
- Requesting CVEs when necessary.
- Scheduling releases for the appropriate Wednesday.
- Marking Releases as security releases on backdropcms.org.
- Responding to all contact via the security@backdropcms.org email address.
- Handling reports of potential new security issues for core and contrib:
- Communication with the reporter.
- Testing of potential vulnerabilities.
- Assisting with security releases for Backdrop contrib projects:
- Communication with the project maintainers.
- Updates for project pages on backdropcms.org.
- Handling reports of potential new security issues for core and contrib:
- Collaborating with the Drupal security team on core issues that affect both projects:
- Reviewing issues and testing fixes for Drupal.
- Applying, adapting, and testing Drupal fixes on Backdrop.
- Following Drupal contrib security releases:
- Communication with the Backdrop project maintainers.
- Creating security releases (when Backdrop project maintainers are unavailable).
Become a member of the Security Team
You may apply to become a member of the Backdrop Security Team by creating an issue in the contrib queue.