You may have unsupported modules which may pose a security risk to your website. Don’t panic - but do take a moment to address the issue with your web services provider. You’re not alone. Many websites have contributed modules for which support has elapsed.
One of the great things about Drupal is there are tens of thousands of contributed modules which offer a relatively fast and cost-effective way to add custom functionality to your site. The community does a great job keeping all of these modules up-to-date with security vulnerabilities. However, as new versions of Drupal are released (e.g. Drupal 8) modules eventually lose support in favor of modules made to work with the newer versions of Drupal. Think of it as Windows XP - you can still use it but Microsoft no longer supports it and security vulnerabilities abound (and who knows how many remain undiscovered).
There is a big difference between unsupported updates vs security updates. Security updates need to be performed due to known vulnerabilities. Unsupported updates should be performed because no one is going to be looking for potential security vulnerabilities for them. Although not a security vulnerability per se, the potential risk of running unsupported modules can make them even more of a security hazard than known issues. Since no one is monitoring them any longer, a vulnerability could exist and you would never know about it until it’s time to explain to your users why their information was compromised.
It’s an added expense, true. However, the potential cost of ignoring the issue may prove infinitely more costly to your organization - and once a breach has occurred, the fact you always intended to allocate some time for the issue doesn’t carry a lot of weight with your users.
- Log in to post comments
