On Mon, May 08, 2017 at 11:33:52AM +1200, Wiremu Demchick wrote:
>
> I should mention that Drupal has a not-very-nice security track
> record. A particularly good example:
> https://www.drupal.org/SA-CORE-2014-005
This is maybe the only big security problem I've seen while working with Drupal. Their security advisory list is fairly active, but apart from this bad boy, most of their CVEs correspond to very specific cases of privilege escalation, with complicated administrative models (all those cases where you've given some users JUST some fairly comprehensive rights and don't want them to fully become root on the website)... so unless you're in that specific case, it is generally rather solid apart from that issue.