Drupal 4.6.7 and Drupal 4.7.1 are available for download. These are maintenance releases that fix problems reported using the bug tracking system, as well as two security vulnerabilities.

Upgrading your existing Drupal sites is strongly recommended.

There are no new features in these installments. For more information about the Drupal 4.6.x release series, please consult the Drupal 4.6.0 release announcement. For more information about the Drupal 4.7.x release series, consult the Drupal 4.7.0 release announcement.

A complete list of all bug fixes in the stable DRUPAL-4-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-6.

A complete list of all bug fixes in the stable DRUPAL-4-7 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-7.

Download

Security vulnerabilities

Drupal 4.6.7 fixes two highly critical security vulnerabilities. Details can be found in the official security advisory:

  1. http://drupal.org/files/sa-2006-005/advisory.txt
  2. http://drupal.org/files/sa-2006-006/advisory.txt

To fix this security problem, you can (1) upgrade Drupal or (2) patch Drupal.

  1. To upgrade Drupal, consult the information below.
  2. To patch Drupal 4.6.6 to Drupal 4.6.7, use the patches below:
  3. To patch Drupal 4.7.0 to Drupal 4.7.1, use the patches below:
  4. Make sure you have a .htaccess in your "files" dir and it contains this line:

    SetHandler This_is_a_Drupal_security_line_do_not_remove

    The full download of 4.6.7/4.7.1 contains code which will try to create this file for you when you visit the Administration >> Settings (admin/settings) page.

Upgrading

To upgrade Drupal, follow the FTP GUI client upgrade instructions or the href="http://drupal.org/node/53798">Unix command line upgrade instructions.

Note that you still need to run the databse upgrade afterwards if you upgrade from 4.7.0 to 4.7.1 but not if uprading from 4.6.6 to 4.6.7.

For the most trouble-free transition from an existing installation, it is recommended that you first upgrade to Drupal 4.6.6. If you are upgrading from Drupal 4.5.x or below, please consult the Drupal 4.6.0 release announcement. To upgrade from Drupal 4.6.6, upload all of the files and directories in the Drupal 4.6.6 package to your webserver, replacing older copies of the files. As with any upgrade, it is a good idea to back up your site and database first.

No API or database changes have been made since Drupal 4.6.6 so all contributed themes and modules that work for 4.6.6 will work with 4.6.7.

Security infrastructure

We have a security announcement mailing list, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Bug reports

Both Drupal 4.6 and 4.7 branches are still being maintained so given enough bug fixes (not just bugreports) more maintenance releases will be made available.