FYI, the link to 4.7 changes links to 4.5 CVS messages.

Also, in 4.6.6.patch, there is nothing that addresses http://cvs.drupal.org/viewcvs/drupal/drupal/includes/file.inc?r1=1.39.2.12&r2=1.39.2.13, which is marked in CVS as a security issue.

Laura

pingVision, LLC

4450 Arapahoe Ave, Suite 100

Boulder, CO 80303

www.pingv.com

303.415.2559

inquiry@pingv.com