- Last week, a researcher found several weaknesses in the update mechanism in Drupal, the popular content management system.
- The lack of encryption for update downloads was the most concerning weakness as it could have led to the compromise of both the site and its database, the company said.
- Developers are currently working to secure the software's update mechanism.
Drupal's security team switched its infrastructure to support Hypertext Transfer Protocol Secure (HTTPS) so update processes for the Drupal core and its modules use secure channels. The core update status module will use secure transport in the next Drupal update, the security team said.
Businesses and government agencies are increasingly shifting to HTTPS because it verifies the identity of a website or web service for a connecting client and encrypts almost all information sent between a website or service and the user.
In June, the federal government released a memo requiring all publicly accessible federal websites and web services to use HTTPS by the end of 2016.