Yes, that's a very good question. Simply put, we do not know for sure. The reason is pretty often a shameful one: the terms of license usually disallow the public disclosure of security issues, not even mentioning a found vulnerability that has not been fixed for years after notice.
On the other hand – no software has ever been bullet-proof. Sooner or later you'll get an update for every software you run. You'd better be concerned if you didn't (maybe gone unmaintained?) If you have ever heard of a software that gets "updates" but never "security releases", be sure the software producer has an obscurity agenda.
Read more about all aspects of CMS security in our article "Why safety is king".
FAQ Category