The Drupal project has released version 4.6.3 of its open-source content management platform. Drupal 4.6.3 is a maintenance release that fixes problems reported using the bug tracking system. Drupal 4.6.3 also fixes a NEW SECURITY VULNERABILITY which was discovered in the third-party XML-RPC library Drupal uses. An attacker could execute arbitrary PHP code on a target site.
Upgrading your existing Drupal sites is highly recommended. As the same bugs are also present in the Drupal 4.5 series, Drupal 4.5.5 is released as well.
For detailed information about this release and the security vulnerability, please consult the release announcement at http:// drupal.org/drupal-4.6.3 and read the DRUPAL-SA-2005-004 security advisory at http://drupal.org/files/sa-2005-004/advisory.txt.
Kudos to all Drupal contributors who helped to get these releases out,
-- Dries Buytaert :: http://www.buytaert.net/