Earlier this year the Drupal community was shaken when the Project Leader Dries Buytaert decided to expel the lead developer Larry Garfield from the project, based on accusations of somewhat weird BDSM play. Backstory: BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky
Drupal has been big on diversity and inclusion, priding itself on being one of the biggest, friendliest open source communities around. As such, it has been a prime hotspot for activists to push feminist-flavored social justice rhetoric. They adopted a code of conduct, established a Community Working Group, and basically bent over backwards to satisfy the demands of those who see the open source world as a problematic place where meritocracy is used to justify gatekeeping and elitism.
Over the last few weeks the Drupal community has been in turmoil over the news that Drupal 8 lead developer Larry Garfield AKA Crell has been forced to leave the project:
A few weeks ago, I privately asked Larry Garfield, a prominent Drupal contributor, to leave the Drupal project. I did this because it came to my attention that he holds views that are in opposition with the values of the Drupal project.
Drupal is known for its large number of community-contributed modules that add functionality to the bare-bones core system. While the core system is actively maintained by the Drupal core security team, there is no such guarantee for the third-party modules.
PHPMailer, a popular class used by popular web CMSes like WordPress, Joomla and Drupal, has been found to contain a bug that allows execution of arbitrary code. PHPMailer is the most popular utility class for sending emails with PHP. An estimated 9 million sites currently live on the internet use it, most of them vulnerable.
The issue is not trivial, as it allows attackers to exploit millions of websites deployed by organizations ranging from small businesses to giant corporations. The issue, now tracked as CVE-2016-10033, was made public by Dawid Golunski.