[development] Drupal 4.7.8, 5.3 released
hdeelstra at gmail.com
Wed Oct 17 22:30:50 UTC 2007
Dear Drupal developers,
We have just released Drupal 4.7.8 and 5.3. These are maintenance releases that fix
problems reported using the bug tracking system and a number of security vulnerabilities.
The release announcement can be found on http://drupal.org/drupal-5.3
The following security announcements were issued:
http://drupal.org/node/184315 HTTP response splitting (4.7.x, 5.x)
http://drupal.org/node/184316 Arbitrary code execution (5.x)
http://drupal.org/node/184320 XSS via uploads (4.7.x, 5.x)
http://drupal.org/node/184348 User deletion CSRF (5.x)
http://drupal.org/node/184354 Comment status handling (4.7.x, 5.x)
I want to thank the members of the security team and the branch maintainers for their hard
work on these issues.
Special thanks go to Jeff Eaton for a last minute review of the installer patch, Robert
Douglass for release coordination, and die Zeit Online for sharing the results of a code
audit with us.
Gábor Hojtsy no doubt has something to say about 6 beta 2 later, but he also acted as the
4.7.8 branch maintainer substitute. Thanks.
on behalf of the Drupal security team.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.drupal.org/pipermail/development/attachments/20071018/6595ecb6/attachment.pgp
More information about the development