A long while back, security researcher Sam Mortenson reported a cross-site scripting vulnerability in Drupal core's Link module. Essentially, the options property on link fields was not being properly sanitized. This meant cross-site scripting was possible under some circumstances -- and, as always for cross-site scripting, we were concerned that the XSS could be combined with other attacks and escalated to more serious exploits.
Drupal
Great news: After a three-month search, I'm now contracting with two sponsors who are funding a total of 60% of my time for Drupal core release management. Let me introduce you!
Hi, I'm xjm. I'm a Drupal core committer, one of eighteen people who are trusted to accept (merge) code changes to the Drupal project for the hundreds of thousands of sites that rely on it.
My role on the committer team is that of a release manager. We're the folks who actually create the Drupal core releases that you can install on your site.
Back in 2013, I led the core contribution mentoring day at DrupalCon Sydney. I'd already flown from the US to Europe three times at that point (first for Drupal Developer Days Barcelona, then for DrupalCon Munich and the Paris VDC sprint, and finally for a whirlwind 72 hours in London to sprint on VDC and CMI). None of that prior international travel prepared me in the slightest for the over 24 hours of nonstop air travel/physical torture that it takes to get from Wisconsin to Australia.
