Drupal 6.7 and 5.13 released


Drupal 6.7 and Drupal 5.13 are now available for download. Both are maintenance releases that fix problems reported through the bug tracking system as well as critical security vulnerabilities. The security vulnerabilities are described below.

Critical issues found in Drupal 6.6 and 5.12:

Cross site request forgery
The update system is vulnerable to cross site request forgery. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.

Cross site scripting
When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross site scripting attacks, because harmful tags are no longer stripped from 'malicious' content that was posted earlier.

Upgrading note: the robots.txt and .htaccess files have changed and need to be replaced. The settings.php file has not been changed and can be left as it was if upgrading from the current version of Drupal.
