Drupal has today announced Version 5.8 and 6.3, releasing security patches to fix some security flaws.
Here is the announcement:
Multiple vulnerabities and weaknesses were discovered in Drupal. Neither of these are readily exploitable.
CROSS SITE SCRIPTING
Free tagging taxonomy terms can be used to insert arbitrary script and HTML code (cross site scripting [ http://en.wikipedia.org/wiki/Cross-site_scripting ] or XSS) on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects Drupal 6.x only.
Some values from OpenID [ http://openid.net/what/ ] providers are output without being properly escaped, allowing malicious providers to insert arbitrary script and HTML code (XSS) into user pages. This issue affects Drupal 6.x only.
filter_xss_admin() has been hardened to prevent use of the object HTML tag in administrator input.
Wow – what an amazing website. Not only is the content fascinating – well to me anyway – I love old world war 1 and 2 vintage airplanes – and these machines a beauties – but the website is also a work of art. (and they are Kiwis!)
The Vintage Aviator is an amazing website. The developers have spent countless hours putting this together. There is a full description of what they did to make this work on the Drupal website.
They list all the modules they use as well as the custom modules developed and other tweaks they had to do. The developer, dman also explains how they solved the CSS issues (including ignoring some of the IE6 issues).
This is a great site – congrats to all involved.
Its done!
This site has been upgraded to version 6.2 of Drupal, and the theme has been changed. Nearly the same as before – just a little less cluttered and cleaner looking I hope.Feedback is always good!
I am really enjoying using Drupal 6.2. There are a lot of productivity gains for administrators now we are starting to get the hang of it. We have done 5 sites now.
Some of the cool features I have plugged into this site include the Views module, giving you the nice lists of data – like the Excel Posts, GeekGirl articles and Back To Basics Articles. By the way stay tuned for some more of these coming soon. There is also a translation feature provided by the Microsoft Live Team. Simply select your language from the drop down list and click the arrow to go and the site will split into two with English on the left and the other language on the right. I would really love some feedback from our foreign readers on this one.
Thanks for reading.
Recent comments
10 years 37 weeks ago
10 years 37 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago
10 years 39 weeks ago