Security update

The seventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.6 release:

• - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum topic listings.
• - Patch #329019 by dww, sun: fixed PHP warning.
• #315739 by sun: The theme name is in arg(4) on the block admin page, so only redirect to theme specific page if that is set.
• - Patch #329646 by Damien Tournoud: properly reset user_access().
• - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated CSS to fail.
• #329998 by pwolanin: escape markup looking non-HTML tags in schema descriptions

This fixes a security hole - since it is still "alpha" there is no SA.

This should not be considered a stable release- the module is undergoing active development

This fixes a security hole - since it is still "alpha" there is no SA.

SA-2008-072 - Storm Project - SQL injection

SA-2008-072 - Storm Project - SQL injection

New Release