Drupal security patch

Meeting: 
MQT on 2014-11-19
Session date: 
November 19, 2014
Reference: 
2014/4225
Question By: 
Darren Johnson
Organisation: 
City Hall Greens
Asked Of: 
The Mayor
Category: 

Question

Can you confirm when the GLA patched its web sites built with Drupal, following the release of the advisory note 'DRUPAL-SA-CORE-2014-005' on the 15th October about a highly critical security vulnerability?

Answer

Answer for Drupal security patch

Answer for Drupal security patch

Answered By: 
The Mayor

At around 5pm on 15 October, the Technology Group was alerted by the GLA's web support supplier that Drupal.org would be making a public announcement about, and a software update available, to fix a vulnerability discovered in the Drupal content management system software.

The announcement was made and software update made available at 7pm.  By 7:30pm the London.gov.uk website was updated.  By 11am on 16 October, all websites hosted at City Hall had been updated.

The GLA has a contract in place with a company of Drupal specialists who continuously monitor our web-sites for any suspicious activity - they have not noticed any activity that might give them cause to believe that the site had been compromised.