Drupal 6.14 has been released to fix multiple critical security vulnerabilities, as well as other, smaller issues. No new functionality has been included. Full details about the security issues addressed by this bugfix are available at http://drupal.org/node/579482 . The release announcement can be found at http://drupal.org/drupal-6.14 .
Drupal 6.14 is not yet available upstream for merging.
Vulnerabilities fixed are:
* OpenID association cross site request forgery vulnerability;
* OpenID impersonation vulnerability;
* File upload creates files that are executable by Apache vulnerability.
Binary package hint: drupal6
Drupal 6.14 has been released to fix multiple critical security vulnerabilities, as well as other, smaller issues. No new functionality has been included. Full details about the security issues addressed by this bugfix are available at http:// drupal. org/node/ 579482 . The release announcement can be found at http:// drupal. org/drupal- 6.14 .
Drupal 6.14 is not yet available upstream for merging.
Vulnerabilities fixed are:
* OpenID association cross site request forgery vulnerability;
* OpenID impersonation vulnerability;
* File upload creates files that are executable by Apache vulnerability.