Security update

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-068 - Localization client and Localization server - Cross site request forgery

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-068 - Localization client and Localization server - Cross site request forgery

In addition to this security vulnerability, the following changes have been made since the 6.x-1.5 release:

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-068 - Localization client and Localization server - Cross site request forgery

In addition to this security vulnerability, the following changes have been made since the 5.x-1.0 release:

The sixth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-067 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.5 release:

• - Patch #315656 by Damien Tournoud: fixed bug in drupal_lookup_path('wipe').
• - Patch #285165 by Heine, Gabor: fixed wildcard loader names with numbers.
• #285165 follow up by Damien Tournoud, pwolanin, chx: fixed wildcard loader problem
• - Patch #293078 by lilou: correction for user-profile.tpl.php documentation.
• - Patch #321165 by Dave Reid: fixed exceptions in XML-RPC library. Backported from CVS HEAD.
• #260372 by andershal and nedjo: All translations were removed from translation set when deleting a node and only two nodes are left.

The twelfth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-067 - Drupal core - Multiple vulnerabilities

DRUPAL-SA-2008-065

http://drupal.org/node/321737

The module contains a flaw that allows a user with the 'clone node' permission to potentially bypass normal viewing access restrictions, for example allowing the user to see unpublished nodes even if they do not have permission to view unpublished nodes.