[drupal-support] Drupal 4.6.3 released (security alert)
Peter Apockotos
drupal at apockotos.com
Mon Aug 15 02:20:21 UTC 2005
On Aug 14, 2005, at 10:08 PM, Dries Buytaert wrote:
> The Drupal project has released version 4.6.3 of its open-source
> content management platform. Drupal 4.6.3 is a maintenance release
> that fixes problems reported using the bug tracking system. Drupal
> 4.6.3 also fixes a NEW SECURITY VULNERABILITY which was discovered
> in the third-party XML-RPC library Drupal uses. An attacker could
> execute arbitrary PHP code on a target site.
>
> Upgrading your existing Drupal sites is highly recommended. As the
> same bugs are also present in the Drupal 4.5 series, Drupal 4.5.5
> is released as well.
>
> For detailed information about this release and the security
> vulnerability, please consult the release announcement at http://
> drupal.org/drupal-4.6.3 and read the DRUPAL-SA-2005-004 security
> advisory at http://drupal.org/files/sa-2005-004/advisory.txt.
>
> Kudos to all Drupal contributors who helped to get these releases out,
>
> --
> Dries Buytaert :: http://www.buytaert.net/
Being a newbie with Drupal. How do I apply the 4.6.2 -> 4.6.3 patch?
More information about the drupal-support
mailing list