jethro's picture

Drupal Security Patches - upgrades available

Drupal today announced versions 5.8 and 6.3, which include patches for several security flaws.

Here is the announcement:


Multiple vulnerabilities and weaknesses were discovered in Drupal. Neither of these is readily exploitable.


Free tagging taxonomy terms can be used to insert arbitrary script and HTML code (cross site scripting [ http://en.wikipedia.org/wiki/Cross-site_scripting ] or XSS) on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects Drupal 6.x only.

Some values from OpenID [ http://openid.net/what/ ] providers are output without being properly escaped, allowing malicious providers to insert arbitrary script and HTML code (XSS) into user pages. This issue affects Drupal 6.x only.

filter_xss_admin() has been hardened to prevent use of the object HTML tag in administrator input.

Vintage Aviator developed in Drupal

The Vintage Aviator - Front page, on release, May 2008

Wow – what an amazing website. Not only is the content fascinating – well, to me anyway – I love old World War 1 and 2 vintage airplanes – and these machines are beauties – but the website is also a work of art. (And they are Kiwis!)

The Vintage Aviator is an amazing website. The developers have spent countless hours putting this together. There is a full description of what they did to make this work on the Drupal website.

They list all the modules they use as well as the custom modules developed and other tweaks they had to do. The developer, dman, also explains how they solved the CSS issues (including ignoring some of the IE6 issues).

This is a great site – congrats to all involved.

Finished Site Upgrade

It's done!

This site has been upgraded to version 6.2 of Drupal, and the theme has been changed. Nearly the same as before – just a little less cluttered and cleaner looking I hope. Feedback is always good!

I am really enjoying using Drupal 6.2. There are a lot of productivity gains for administrators now we are starting to get the hang of it. We have done 5 sites now.

Some of the cool features I have plugged into this site include the Views module, giving you the nice lists of data – like the Excel Posts, GeekGirl articles and Back To Basics Articles. By the way, stay tuned for some more of these coming soon. There is also a translation feature provided by the Microsoft Live Team. Simply select your language from the drop-down list and click the arrow to go, and the site will split into two with English on the left and the other language on the right. I would really love some feedback from our foreign readers on this one.

Thanks for reading.

Upgrade of Site

We have upgraded the site to Drupal 6.2.
Not everything is working yet and we haven't got the theme updated yet.
Please be patient as we turn things back on.