The Drupal security team works with module maintainers to ensure that security issues are resolved and secure versions of modules are available on Drupal.org.
When a module maintainer becomes unresponsive or fails to take recommended action to resolve security issues, a module may be flagged as unsupported by the Security team. There is a significantly increased risk associated when using an unsupported module, although specific vulnerabilities are not initially made public.
If a module being used by your application becomes unsupported you can either
-
Investigate an alternative supported module on Drupal.org that meets the needs of your application.
-
Alternatively, you may wish to consider taking over the role of maintainer for that module so that it can continue to be supported. This is a great way to give back to the Drupal community. For information on taking over an abandoned project see “Dealing with unsupported (abandoned) projects” on Drupal.org.
For a full list of the recently unsupported modules, see https://www.drupal.org/security/contrib
In some cases, patches may be made available for insecure unsupported modules. Patches for unsupported modules are not vetted by the Drupal Security team. Applying patches to unsupported modules is done at your own risk.