We help you to keep everyone safe.

The Backdrop Security team consists of trusted members of the backdrop-contrib group who have security experience.

Our mission includes:

  • to take the burden of project maintainership off of single individuals, and making it a responsibility of the community to step in when needed
  • to improve the overall security of contributed projects by having multiple people capable of keeping everything up to date

Our responsibilities include:

  • Coordinating security releases for both core and contrib:
    • Reviewing and/or creating fixes for vulnerabilities.
    • Drafting and/or reviewing Security Advisories.
    • Requesting CVEs when necessary.
    • Scheduling releases for the appropriate Wednesday.
    • Marking Releases as security releases on backdropcms.org.
  • Responding to all contact via the security@backdropcms.org email address.
    • Handling reports of potential new security issues for core and contrib:
      • Communication with the reporter.
      • Testing of potential vulnerabilities.
    • Assisting with security releases for Backdrop contrib projects:
      • Communication with the project maintainers.
      • Updates for project pages on backdropcms.org.
  • Collaborating with the Drupal security team on core issues that affect both projects:
    • Reviewing issues and testing fixes for Drupal.
    • Applying, adapting, and testing Drupal fixes on Backdrop.
  • Following Drupal contrib security releases:
    • Communication with the Backdrop project maintainers.
    • Creating security releases (when Backdrop project maintainers are unavailable).

Become a member of the Security Team

You may apply to become a member of the Backdrop Security Team by creating an issue in the contrib queue.