Drupal 4.5.8 / 4.6.6 / 4.7.0-beta6 fix four security issues!

New versions of Drupal are out for the 4.5.x, 4.6.x and 4.7.0-beta branches. They fix 4 (in words: four) security issues from four different categories, namely: access control bypass, cross-site scripting, session fixation, and mail header injection.

All the gory details are available in the release announcement and the four advisories: DRUPAL-SA-2006-001, DRUPAL-SA-2006-002, DRUPAL-SA-2006-003, and DRUPAL-SA-2006-004.

Upgrade now!

Warning: If you're using 4.5.x, the patches for DRUPAL-SA-2006-003 will not fix the security issue immediately. You have two options: a) upgrade to 4.6.6 instead of 4.5.8, or b) upgrade to PHP >= 4.3.2.
