Drupal 4.6.10 and Drupal 4.7.4 are available for download. These are maintenance releases that fix problems reported using the bug tracking system, as well as three security vulnerabilities.
Upgrading your existing Drupal sites is strongly recommended.
- Drupal 4.7.4 can be downloaded from http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.4.tar.gz.
- Drupal 4.6.10 can be downloaded from http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.10.tar.gz.
Edit: these releases do not support PHP 5.2 yet, but the next minor releases will.
There are no new features in these installments. For more information about the Drupal 4.6.x release series, please consult the Drupal 4.6.0 release announcement. For more information about the Drupal 4.7.x release series, consult the Drupal 4.7.0 release announcement.
A complete list of all bug fixes in the stable DRUPAL-4-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-6.
A complete list of all bug fixes in the stable DRUPAL-4-7 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-7.
Drupal 4.6.10 and Drupal 4.7.4 fix three security vulnerabilities. Details can be found in the official security advisory:
To fix this security problem, you can (1) upgrade Drupal or (2) patch Drupal.
- To upgrade Drupal, consult the information below.
- To fix the security issue in Drupal 4.7.3, use the patches below:
- To fix the security issue in Drupal 4.6.9, use the patches below:
We recommend you do the full upgrade as the patches do not contain the many additional bugfixes that went into the releases. Applying the patches will leave your site in a somewhat unversioned state, but at least secure.
For the most trouble-free transition from an existing installation, it is recommended that you first upgrade to Drupal 4.6.9 or Drupal 4.7.3. If you are upgrading from Drupal 4.5.x or below, please consult the Drupal 4.6.0 release announcement. To upgrade, upload all of the files and directories in the Drupal release package to your webserver, replacing older copies of the files. As with any upgrade, it is a good idea to back up your site and database first.
The advisory SA-2006-025 made small API changes necessary. Certain contributed themes and modules may display forms that will not accept input due to this change. We therefore advise you to test the upgrade with modules and themes in use, before committing to the upgrade.
Details on the changes can be found on the following pages:
We have a security announcement mailing list, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.