Drupal Security
Drupal is a mature, open-source, PHP-based CMS and web application framework. Drupal powers hundreds of thousands of sites on the web and continues to push forward with cutting-edge technologies. Backed by a world-wide community, the Drupal Security Team supports the code hosted on drupal.org, including Drupal core and thousands of community-contributed modules and themes.
It is important to keep in mind that all websites are vulnerable to attack. This includes Joomla!, Drupal, WordPress, Plone, Expression Engine and even custom sites.
Keeping your Drupal site up to date with the latest security patches is the best way to ensure your site and your users are always safe.
Keeping your Drupal site up to date
From time to time, minor updates to Drupal core are released. Because some of these are for security reasons, you should apply the updates when they are released. There are also major release upgrades, which you may want to apply so you have all the new and powerful features.
Whether to apply a major release upgrade is up to the person responsible for that decision. If everything is working great for you, and you don't want to add any of the new features, you may decide to stick with your current major release of Drupal.
About Drupal versions
What's the difference? Major & Minor versions
It is important that you know the difference between a major and a minor version release.
- A major version of Drupal core is represented by the number before the first decimal. For example, Drupal 5.1, Drupal 6.1, and Drupal 7.1 are all different major releases. Moving from one major version to another is considered an upgrade.
- A minor version of Drupal core is represented by the number after the decimal. For example, Drupal 6.1, 6.13, and 6.23 are all different minor releases of Drupal 6. Moving from one minor version to another is considered an update.
Major releases include changes to core and how Drupal functions. A major version can bring new tools, structural changes, and changes to how everything works and looks.
Minor releases fix security issues and newly discovered bugs but include no new features. This is an example of a minor release announcement.



