[development] Drupal 4.7.8, 5.3 released

Heine Deelstra hdeelstra at gmail.com
Wed Oct 17 22:30:50 UTC 2007


Dear Drupal developers,

We have just released Drupal 4.7.8 and 5.3. These are maintenance releases that fix
problems reported using the bug tracking system and a number of security vulnerabilities.

The release announcement can be found on http://drupal.org/drupal-5.3

The following security announcements were issued:

http://drupal.org/node/184315 HTTP response splitting (4.7.x, 5.x)
http://drupal.org/node/184316 Arbitrary code execution (5.x)
http://drupal.org/node/184320 XSS via uploads (4.7.x, 5.x)
http://drupal.org/node/184348 User deletion CSRF (5.x)
http://drupal.org/node/184354 Comment status handling (4.7.x, 5.x)

I want to thank the members of the security team and the branch maintainers for their hard
work on these issues.

Special thanks go to Jeff Eaton for a last-minute review of the installer patch, Robert
Douglass for release coordination, and die Zeit Online for sharing the results of a code
audit with us.

Gábor Hojtsy no doubt has something to say about 6 beta 2 later, but he also acted as the
4.7.8 branch maintainer substitute. Thanks.

Regards,

Heine Deelstra

on behalf of the Drupal security team.
