Drupal users urged to upgrade to 6.4 and 5.10

Today saw the release of Drupal 6.4 and 5.10. All Drupal system administrators are strongly advised to update their systems as multiple security vulnerabilities have been found and fixed. The update can be found on the Drupal website.

There were a number of bugs found in the core upload module, which could allow users to to edit nodes which they are normally not allowed to, delete any file to which the webserver has sufficient rights, and download attachments of nodes to which they have no access. Problems were also found which could allow malicious users to insert script code into pages.

A few minor bug fixes were also incorporated into the update, but all new features are being held back until version 7 is ready.

Visit the Drupal website for a detailed report of all the problems that were identified and fixed.