Date Published: February 6, 2025
A module I am using has been flagged as unsupported by the Drupal Security team. What does this mean?
The Drupal security team works with module maintainers to ensure that security issues are resolved and secure versions of modules are available on Drupal.org.
When a module maintainer becomes unresponsive or fails to take recommended action to resolve security issues, a module may be flagged as unsupported by the Security team. There is a significantly increased risk associated when using an unsupported module, although specific vulnerabilities are not initially made public.
If a module being used by your application becomes unsupported you can either
-
Investigate an alternative supported module on Drupal.org that meets the needs of your application.
-
Alternatively, you may wish to consider taking over the role of maintainer for that module so that it can continue to be supported. This is a great way to give back to the Drupal community. For information on taking over an abandoned project see Dealing with unsupported (abandoned) projects on Drupal.org.
For a full list of unsupported and obsolete modules, see:
drupal.org: Unsupported modules
drupal.org: Obsolete modules
Note: We strongly recommend that customers sign up to receive Drupal Security team announcements. For the various channels see,
https://www.drupal.org/security/
In some cases, patches may be made available for insecure unsupported modules. Patches for unsupported modules are not vetted by the Drupal Security team. Applying patches to unsupported modules is done at your own risk.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.