Drupal 6.14 and 5.20, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Both releases fix some other smaller issues as well.
Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement, more information on the 5.x releases can be found in Drupal 5.0 release announcement.
We have a security announcement mailing list, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 6 also includes the Update status module built-in, which informs you about important updates to your modules and themes.
The full list of changes between the 6.13 and 6.14 releases can be found by reading the 6.14 release notes. A complete list of all bug fixes in the stable DRUPAL-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-6.
The full list of changes between the 5.19 and 5.20 releases can be found by reading the 5.20 release notes. A complete list of all bug fixes in the stable DRUPAL-5 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-5.
Drupal 5.20 and 6.14 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security problem, you can either (1) upgrade Drupal or (2) patch Drupal.
We strongly recommend you do the full upgrade (which is also detailed in the security announcement) as the patches do not contain the additional bug fixes that went into the releases. Applying the patches will leave your site in an unversioned state and confuse the update status module, which will keep reminding you to upgrade to 6.14 or 5.20. Please read the announcement for details on the patch.
If you still prefer to patch Drupal, apply the http://drupal.org/files/sa-core-2009-008/SA-CORE-2009-008-6.13.patch file to your Drupal 6.13 codebase or http://drupal.org/files/sa-core-2009-008/SA-CORE-2009-008-5.19.patch to your Drupal 5.19 codebase.
Important update notes
It is important to run update.php. Drupal 6.14 includes database changes (added indexes and some column type changes to fit the stored data better).
These releases did not change the .htaccess and robots.txt files, so you can keep your existing files intact, if you have modifications in them. The (default.)settings.php file, however, was changed in Drupal 6, but only with some added tips for fixing possible local issues. If you do not experience those issues on your setup, you don't need to update your settings.php.
Note, that on Drupal 6.14, merely visiting the system module listing page does not serve as a cache clear trigger anymore. You'll need to use the button on the Performance configuration page or submit the modules page to achieve the same results. This was changed due to performance reasons.
Drupal 6.14 is the first stable release to support PHP 5.3.0, but this might not be true about the contributed modules you are using. Watch out for updates to your contributed modules if you experience problems with PHP 5.3.0 support.