6.x

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

No other fixes are included.

This is an incremental release for ctools 6.x-1.x. ctools 6.x is only maintained for security releases, and contains the following issue:

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

If you haven't already we suggest updating to Drupal 7 to get the most out of new ctools features!

Version 6.x-1.5
---------------
When the user logs out of Drupal, s/he also is logged out of phpFreeChat (a phpFreeChat /quit command is issued programmatically when the Drupal logout event occurs).

You can try out the chatbox live on a Drupal 6 site here: http://permutations.com/drup/

This release of 6.x-3.x fixes one security issue. Updating is strongly recommended for all Drupal 6 webform users.
See SA-CONTRIB-2015-078 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform component is used as the "To" address or addresses for sending an e-mail, the name of the component is not sufficiently sanitized when it is displayed in the list of e-mail settings, leading to a Cross Site Scripting (XSS) vulnerability.

#1335418: No value for $edit['multiblock_delta']

Stable release for D6