For German speaking people we can now proudly claim to have a completed translation of the user interface, thanks to all the contributors! If you don't speak German, you can choose from one of the other 40+ translations for your site.
Read the release announcement for more information, I'm off upgrading a couple of sites now ;)
New versions of Drupal are out for the 4.5.x, the 4.6.x and the 4.7.0-beta branches which fix 4 (in words: four) security issues from four different categories, namely: access control bypassing, cross-site scripting, session fixation, and mail header injection.
Warning: If you're using 4.5.x, the patches for DRUPAL-SA-2006-003 will not fix the security issue immediately. You have two options: a) upgrade to 4.6.6 instead of 4.5.8, or b) upgrade to PHP >= 4.3.2.
Just a quick note: Drupal 4.7.0 beta 3 is available now, fixing more than 100 bugs since the last beta. If you have any further issues or suggestions for 4.7 — now is the time to speak up, file bug reports, post patches etc.
I haven't had too much time for Drupal development recently, but I guess I should really start updating the poormanscron module now (finally!) and help with getting the German translation up-to-date...
They sure have some funny quotes on their website ;-)
“Ruby on Rails is astounding. Using it is like watching a kung-fu movie,
where a dozen bad-ass frameworks prepare to beat up the little newcomer
only to be handed their asses in a variety of imaginative ways.”
--Nathan Torkington, O'Reilly Program Chair for OSCON
You might have already noticed, but I'll re-iterate nevertheless: the Drupal project has released Drupal 4.6.4 and 4.5.6 which fix three security vulnerabilities. Everyone running a Drupal site is advised to upgrade, as always.
Multiple people were mighty busy yesterday preparing, finalizing and testing the patches and advisories. I was one of them, although I was more like lurking around trying to look busy ;-) Anyways, I have sent the respective advisories (DRUPAL-SA-2005-007, DRUPAL-SA-2005-008, DRUPAL-SA-2005-009) to the "usual suspects" today: Bugtraq, Full Disclosure, and the php-sec mailing list. The advisories have already been picked up by Secunia and a bunch of other security sites...
Btw: I finally received news that my domain was transferred to my new web hoster today, which led to a short downtime. Everything should be fine now. If you notice any problems, please drop me a note.