JavaScript vulnerability in Drupal prompts 6.1 release

Submitted by Tom Kephart on Wed, 02/27/2008 - 6:43pm.

A "moderately critical" ECMAScript/JavaScript vulnerability in Drupal has been fixed in the latest release, version 6.1. All users of the 6.0 version of Drupal are encouraged to patch their current installations or install the complete version 6.1 files.

A potential cross-site scripting (XSS) vulnerability (SA-2008-018) existed in the handling of titles on content edit forms. A JavaScript function used to escape text wasn't working correctly, and is fixed in the latest version.

The legacy 5.x line of Drupal remains at version 5.7, and is not affected by this vulnerability.

Drupal 6.1 is available for download from the main Drupal website.

Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Reddit
  • Magnoliacom
  • Newsvine
  • Google
  • Technorati
  • Icerocket

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Looks like it is time for an

Submitted by Cheap Punk Clothes (not verified) on Fri, 07/04/2008 - 6:30am.

Looks like it is time for an upgrade then! Thanks.

Wow Drupal 6.1 came quickly

Submitted by DUI Attorneys California (not verified) on Tue, 07/01/2008 - 7:48am.

I can't believe that they made a large upgrade to Drupal already, Is 6.2 out yet or know? Thanks for the info, I have to update to fix this problem.

Glad I found this. I guess

Submitted by Frankie (not verified) on Sun, 06/29/2008 - 8:19pm.

Glad I found this. I guess it is time for me to upgrade a few sites and close off that vulnerability.

برامج نت

Submitted by Anonymous (not verified) on Sat, 06/21/2008 - 2:08pm.

برامج نت

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.