Hi Markus, Thank you very much for your report and sorry we haven't responded to you. We have received your email and one of the security team members will respond shortly.
The situation surrounds Drupal has changed significantly in the past couple of years. With the drastic increase in number of users, as well as contrib modules, we are receiving more reports than before. After Drupalcon Paris, we have been trying to establish a new report/issue handling process and we are becoming more efficient. But we are also aware that we need to make efforts to further streamline the process so please bear with us. Should this happen again, please contact one of the security team coordinators (me, Mori Sugimoto a.k.a dokumori or Kieran Lai a.k.a amazon). Thanks again for your report and contribution. Cheers, Mori On 14/01/2010 12:33, Markus Kalkbrenner wrote: > Hi! > > We discovered a critical security issue in Drupal 6 Core and wrote a mail > about it to [email protected] more than two weeks ago. (2009-12-27) > > The only reaction so far was an auto response mail from > [email protected] the next day telling > "All e-mails sent to us are read by a member of the team and acted upon if > necessary." > > Now I'm not sure how to continue. Does it take more than two weeks to read > through the mails and I just have to wait or is my message lost? > > Markus > > mkalkbrenner > http://drupal.org/user/124705 >
