Download drupal-7.16.tar.gztar.gz 3 MB
MD5: 352497b2df94b5308e31cb8da020b631
SHA-1: 29cb7c77c5952649b37cafbb205cfbc6e53f99fc
SHA-256: 353625d8aa59a22b791fce8a00d22249900c7d3ea650662fdd6b0445e15e3c76
Download drupal-7.16.zipzip 3.42 MB
MD5: 5582dd6dc1d0abeca1904bc453fbc25c
SHA-1: da42fd5f733cb74e7e2e52da30900a1c304ed99b
SHA-256: 06d4dc2ddf5ae2566e88188af792b109752a660c5d3a1871c56562467ddf5b36

Release info

Created by: David_Rothstein
Created on: 17 Oct 2012 at 21:12 UTC
Last updated: 18 Oct 2012 at 03:55 UTC
Core compatibility: 7.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Update notes:

As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations).

A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers. However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects