A module I am using has been flagged as unsupported by the Drupal Security team. What does this mean?
Date Published: February 6, 2025
The Drupal security team works with module maintainers to ensure that security issues are resolved and secure versions of modules are available on Drupal.org.
When a module maintainer becomes unresponsive or fails to take recommended action to resolve security issues, a module may be flagged as unsupported by the Security team. There is a significantly increased risk associated when using an unsupported module, although specific vulnerabilities are not initially made public.
If a module being used by your application becomes unsupported you can either
Investigate an alternative supported module on Drupal.org that meets the needs of your application.
Alternatively, you may wish to consider taking over the role of maintainer for that module so that it can continue to be supported. This is a great way to give back to the Drupal community. For information on taking over an abandoned project see Dealing with unsupported (abandoned) projects on Drupal.org.
Note: We strongly recommend that customers sign up to receive Drupal Security team announcements. For the various channels see, https://www.drupal.org/security/
In some cases, patches may be made available for insecure unsupported modules. Patches for unsupported modules are not vetted by the Drupal Security team. Applying patches to unsupported modules is done at your own risk.
A module I am using has been flagged as unsupported by the Drupal Security team. What does this mean? | Acquia Product Documentation
Cloud Platform
A module I am using has been flagged as unsupported by the Drupal Security team. What does this mean?
Cloud Platform