Drupal clarified Wednesday afternoon that for the vulnerability in Coder, the module does not have to be enabled in order to be exploited. That fix addresses a problem in which the module doesn ...