Drupal security watch, 2008

This list keeps track of recent security measures in Drupal. The information is distilled from Security Announcements.

To understand the list you need to understand Drupal's versioning system:
Drupal major . Drupal minor - Module major . Module minor
When you see a module update labeled 5.x-4.2, update that module to at least version 4.2 in all versions of Drupal 5.

Also, unless it is explicitly mentioned, these are only updates to 3rd party modules. There is usually no reason to update Drupal itself.

  • Modules to update
    • Admin:hover (in development) before 2008-Oct-08
    • AJAX Picture Preview, 6.x-1.2
    • Banner Rotor Module, 6.x-1.3
    • Brilliant Gallery, 5.x-4.2
    • CCK (content construction kit), 5.x-10 and 6.x-2.0
    • Comment Mail, 5.x.1.1
    • Creative Commons Lite, 6.x-1.1
    • Keyboard shortcut utility, 6.x-1.1
    • Live, 6.x-1.0
    • LiveJournal CrossPoster, 6.x-1.4
    • Localization, 5.x-1.1 and 6.x-1.6
    • Node Clone 5.x-2.6 and 6.x-1.0 (beta2)
    • Node Vote 5.x-1.1 and 6.x-1.0
    • services 5.x-0.92 and 6.x-0.13
      The module doesn't sign enough information, and it uses a weak hash.
    • SIOC, 5.x-1.2 and 6.x-1.2
    • Storm project, 5.1-14 and 6.x-1.18
    • Taxonomy import/export via XML, 6.x-1.2
    • User Karma, 5.x-1.13 and 6.x-1.0
    • User Referral (development) before October 8, 2008
    • Views, 6.x-2.2
      Some data from CCK is not sanitized, which results in SQL injections.
  • Patching/updating the core:
  • modules to remove from your site
    • EVERYBLOG
    • Shindig-Integrator
  • other issues
    • the robots.txt and .htaccess files have changed and need to be replaced. The settings.php file has not been changed and can be left as it was if upgrading from the current version of Drupal.
    • When modifying a module for Drupal 6, be careful and read the manual for the Drupal 6 menu system, since this is a touchy task:
      [http://drupal.org/node/109157]
