The Free Software Foundation's GNU Savannah hosts thousands of free software projects — both GNU and non-GNU projects, including Drupal.

But in early May, security researchers from Hacktron.AI reported vulnerabilities and demonstrated an exploit, according to a new statement Friday from the FSF:

We have been working with these researchers since their initial report, and have also addressed additional security issues they submitted. All reported issues have been patched thanks to the hard work of GNU and FSF volunteers, as well as FSF staff. After thorough review, we have found no reason to believe that sensitive project data or credentials were accessed, nor that there has been any compro...