[drupal-devel] Drupal 4.6.3 released (security alert)

Dries Buytaert dries at buytaert.net
Mon Aug 15 02:08:36 UTC 2005

The Drupal project has released version 4.6.3 of its open-source  
content management platform. Drupal 4.6.3 is a maintenance release  
that fixes problems reported using the bug tracking system.  Drupal  
4.6.3 also fixes a NEW SECURITY VULNERABILITY which was discovered in  
the third-party XML-RPC library Drupal uses. An attacker could  
execute arbitrary PHP code on a target site.

Upgrading your existing Drupal sites is highly recommended. As the  
same bugs are also present in the Drupal 4.5 series, Drupal 4.5.5 is  
released as well.

For detailed information about this release and the security  
vulnerability, please consult the release announcement at http:// 
drupal.org/drupal-4.6.3 and read the DRUPAL-SA-2005-004 security  
advisory at http://drupal.org/files/sa-2005-004/advisory.txt.

Kudos to all Drupal contributors who helped to get these releases out,

Dries Buytaert  ::  http://www.buytaert.net/

More information about the drupal-devel mailing list