Heine

It was a difficult delivery, but Drupal 5.2 and 4.7.7 have finally been released. As you can read in the release announcement, several vulnerablities were fixed.

There are two advisories:

• SA-2007-017: Cross site request forgeries - concerns Drupal 5.x prior to 5.2.
• SA-2007-018: Cross site scripting - concerns both Drupal 4.7.x prior to 4.7.7 and Drupal 5.x prior to 5.2.

An immediate upgrade to either 4.7.7 or 5.2 is recommended.

Signatures of the archives are attached below.