Drupal

New version of Drupal is out. Upgrade is very recommended because this version fixed cross site scripting bug that can allow users to inject arbitrary HTML and script code in certain pages. Also couple of minor bugs are fixed.

This was a nice chance to test new update module that is now shipped in core of Drupal install. When I went to admin/build/modules link and hit check available updates nice red message warn me about security update:

After one year of development Drupal 6.0 is finally here. There are many great new stuff in it such as:

Anybody used og module for Drupal knows what powerfully features this modules give users - ability to organize themselves in public groups, private groups... Private groups gives your Drupal users opportunity to share content only accessible to other group members. BUT user will be maybe tempted to think that file attachments to private group nodes are also private, and that is off course very wrong. Drupal stores files in to publicly available 'files' folder. Every node file attachment is available with next url http://drupalsite/files/somefile.txt.

New versions of Drupal is released. This is a security release witch fix 3 security cross site scripting bugs. Security risks are from less to moderately critical and upgrade is recommended. I have just upgraded montenasoft.com/drupal with 5.6 version and everything went smooth.