World Renew, an agency of the Christian Reformed Church in North America (CRCNA), uses the Drupal content management system for its websites. Drupal is one of the most widely-used content management systems in the world, used by many universities, companies, and government agencies.
As you may have heard in news reports, on October 15 Drupal announced a security advisory that affected all websites using the current version. The CRCNA web development vendor took measures to apply the security patch to several CRCNA websites which use Drupal, including crcna.org, The Banner, and The Network.
Then, on October 29, the Drupal Security Team updated their original announcement and advised that all Drupal sites, except those patched within hours of the original announcement, should proceed as if they were compromised. This covers nearly all Drupal sites in the world, including World Renew and ten other CRCNA sites.
Testing revealed attempts to gain administrator access to some sites but those attempts were unsuccessful. However, based on the October 29 announcement, one cannot definitively rule out the possibility of undetected breaches on any Drupal 7 site affected. For us, those include:
- CRCNA
- Do Justice
- Hope Equals
- Lift Up Your Hearts
- Psalms for All Seasons
- Sea to Sea
- The Banner
- The Network
- Reformed Benefits Association (info site)
- World Renew
- World Renew Volunteer Blog
It’s important to note that, in the event of a breach, the World Renew Drupal sites do not contain any financial information. Donations and other transactions occur on separate systems which are not affected by this issue. Nor do these websites contain any employee information or social security/insurance numbers.
The World Renew has now been restored to a pre-October 15 state. Please bear with us as we bring the site back to its current state in this coming week.
We value your continued support and encouragement as we use web technologies for ministry.