[development] Drupal 4.6.7 and 4.7.1 released
Gabor Hojtsy
gabor at hojtsy.hu
Fri May 26 07:51:39 UTC 2006
Also note that the announcement is not too clear about Drupal 4.7.1
needing a database update but 4.6.7 not.
Gabor
Bèr Kessels wrote:
> Can I then opt for the following addition to that frontpage post?
>
> ... upgrade, it is a good idea to back up your site and database first.
>
> The .htaccess containing the line <code>SetHandler
> This_is_a_Drupal_security_line_do_not_remove</code> is a security measure
> that disallows executing of any files in your files/ directory. If, for
> example, someone uploads a php file, this SetHandler rule will make sure it
> cannot be executed from the web.
>
> No API or database changes have been made since ...
>
>
>
>
> Op donderdag 25 mei 2006 11:11, schreef Dries Buytaert:
>
>>On 25 May 2006, at 10:54, Bèr Kessels wrote:
>>
>>>Op donderdag 25 mei 2006 06:07, schreef Angela Byron:
>>>
>>>>This includes two critical security fixes. Please see the
>>>>announcement
>>>>here: http://drupal.org/node/65351
>>>>
>>>>Note: I am only announcing because I'm the only one up at this
>>>>hour. ;)
>>>>Big thanks go to chx, Heine, and everyone else involved in helping
>>>>out
>>>>to solve this problem.
>>>
>>>I am rather confused by the .htaccess-in-your-files directory.
>>>If someone can explain me:
>>> * The reason for this measure
>>> * The concept behind this SetHandler
>>>I will write an update to clarify this for all others who do not
>>>understand it
>>>too.
>>
>>See also: http://drupal.org/node/65439.
>>
>>--
>>Dries Buytaert :: http://www.buytaert.net/
>
>
More information about the development
mailing list