Drupal.conf should be updated to block access to Markdown (.md) and YAML (.yml) files by default. With many modules transitioning to README.md etc instead of README.txt, this change is important for security. Tools like Droopescan can automatically search a site for exposed files to discover which modules are enabled.
Drupal.conf should be updated to block access to Markdown (.md) and YAML (.yml) files by default. With many modules transitioning to README.md etc instead of README.txt, this change is important for security. Tools like Droopescan can automatically search a site for exposed files to discover which modules are enabled.