Drupal 4.5.8 / 4.6.6 is available

Drupal 4.6.6 is available for download. Drupal 4.6.6 is a maintenance release that fixes problems reported using the bug tracking system, as well as 4 security vulnerabilities (3 less critical and 1 moderately critical) that affect all previous versions of Drupal. Since the vulnerabilities are also present in the Drupal 4.5 series and the last Drupal 4.7.0-beta release, Drupal 4.5.8 and Drupal 4.7.0-beta6 are released as well.

Note: Drupal 4.7RC4 has been released since this announcement.

Upgrading your existing Drupal sites is strongly recommended.

There are no new features in these installments. For more information about the Drupal 4.6.x release series, please consult the Drupal 4.6.0 release announcement.

A complete list of all bug fixes in the stable DRUPAL-4-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-6.

A complete list of all bug fixes in the stable DRUPAL-4-5 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-5.

Download

• Drupal 4.6.6 can be downloaded from http://drupal.org/files/projects/drupal-4.6.6.tar.gz.
• Drupal 4.5.8 can be downloaded from http://drupal.org/files/projects/drupal-4.5.8.tar.gz.
• Drupal 4.7.0-beta6 can be downloaded from http://drupal.org/files/projects/drupal-4.7.0-beta6.tar.gz.

Security vulnerabilities

Drupal 4.6.6 fixes 4 security vulnerabilities (3 less critical and 1 moderately critical). Details can be found in the official security advisories:

1. http://drupal.org/sa-2006-001/advisory.txt
2. http://drupal.org/sa-2006-002/advisory.txt
3. http://drupal.org/sa-2006-003/advisory.txt
4. http://drupal.org/sa-2006-004/advisory.txt

To fix these security problems, you can (1) upgrade Drupal or (2) patch Drupal.

1. To upgrade Drupal, follow the FTP GUI Client upgrade instructions or the Unix command line upgrade instructions, and consult the information below.
2. To patch Drupal 4.6.5 to Drupal 4.6.6, use the patches below:
   • http://drupal.org/files/sa-2006-001/4.6.5.patch
   • http://drupal.org/files/sa-2006-002/4.6.5.patch
   • http://drupal.org/files/sa-2006-003/4.6.5.patch
   • http://drupal.org/files/sa-2006-004/4.6.5.patch
3. To patch Drupal 4.5.7 to Drupal 4.5.8, use the patches below:
   • http://drupal.org/files/sa-2006-001/4.5.7.patch
   • http://drupal.org/files/sa-2006-002/4.5.7.patch
   • http://drupal.org/files/sa-2006-003/4.5.7.patch
   • http://drupal.org/files/sa-2006-004/4.5.7.patch

Upgrading

To upgrade Drupal, follow the FTP GUI Client upgrade instructions or the Unix command line upgrade instructions.

For the most trouble-free transition from an existing installation, it is recommended that you first upgrade to Drupal 4.6.5. If you are upgrading from Drupal 4.5.x or below, please consult the Drupal 4.6.0 release announcement. To upgrade from Drupal 4.6.5, upload all of the files and directories in the Drupal 4.6.6 package to your webserver, replacing older copies of the files. As with any upgrade, it is a good idea to back up your site and database first.

No API or database changes have been made since Drupal 4.6.5 so all contributed themes and modules that work for 4.6.5 will work with 4.6.6.

On the Drupal 4.5 branch no API or database changes have been made since Drupal 4.5.7 so all contributed themes and modules that work for 4.5.7 will work with 4.5.8.

If you are upgrading from an earlier 4.7.0 beta, we recommend your clear your browser cache, as some people have reported issues with old JavaScript files being cached.

Security infrastructure

Remember that we have a security announcement mailing list, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Bug reports

The Drupal 4.6 branch is still being maintained so given enough bug fixes (not just bug reports) more maintenance releases will be made available.