Tips for using modules in Drupal 8 not covered under the Security Advisory Policy

When developing your Acquia Cloud or Acquia Cloud Site Factory website in Drupal 8, you have most likely encountered modules that you would like to leverage, but noticed those modules did not display the shield icon, and ultimately were not covered under Drupal's Security Advisory Policy:

A security advisory is a public announcement managed by the Drupal Security Team which informs site owners about a reported security problem in Drupal core or a contributed project and the steps site owners should take to address it. (Usually this involves updating to a new release of the code that fixes the security problem.) The problem is kept secret until the advisory is ready to be released, at which point it is publicized widely so that site owners can address it quickly.

shield icon

Acquia does not normally recommend implementing modules not covered under the Security Advisory Policy. 

If you are considering implementing Drupal 8 modules not covered under the policy; however, it is a bit different as many D8 modules are still under active development.

We recommend the following approach when using modules not covered under the Security Advisory Policy:

  • For modules with security updates, apply those first.
  • As stable versions are released, update those modules
  • If the module does not have an issue, don't try to fix it

We also recommend reviewing our documentation on Evaluating Modules which holds true for any site no matter if it is Acquia Cloud or Acquia Cloud Site Factory.

Contact supportStill need assistance? Contact Acquia Support