[drupal-devel] Drupal 4.6.3 released (security alert)
dries at buytaert.net
Mon Aug 15 02:08:36 UTC 2005
The Drupal project has released version 4.6.3 of its open-source
content management platform. Drupal 4.6.3 is a maintenance release
that fixes problems reported using the bug tracking system. Drupal
4.6.3 also fixes a NEW SECURITY VULNERABILITY which was discovered in
the third-party XML-RPC library Drupal uses. An attacker could
execute arbitrary PHP code on a target site.
Upgrading your existing Drupal sites is highly recommended. As the
same bugs are also present in the Drupal 4.5 series, Drupal 4.5.5 is
released as well.
For detailed information about this release and the security
vulnerability, please consult the release announcement at http://
drupal.org/drupal-4.6.3 and read the DRUPAL-SA-2005-004 security
advisory at http://drupal.org/files/sa-2005-004/advisory.txt.
Kudos to all Drupal contributors who helped to get these releases out,
Dries Buytaert :: http://www.buytaert.net/
More information about the drupal-devel