Release info

Created by: David_Rothstein
Created on: October 17, 2012 - 21:12
Last updated: October 18, 2012 - 03:55
Core compatibility: 7.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Update notes:

As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations).

A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers. However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.