Drupal 4.7.11 and 5.6 are now available HERE Drupal 4.7.11 and 5.6 now require PHP version 4.3.5 or higher. Drupal no longer support servers with the PHP directive register_globals set to on. Attempts to install Drupal 5.6 when register_globals is enabled will fail. Current installations will continue to function, but will display an error on administration pages and the status report. Drupal 4.7.11 Release Notes * SA-2008-005 - Drupal core - Cross site request forgery * SA-2008-006 - Drupal core - Cross site scripting (UTF8) * SA-2008-007 - Drupal core - Cross site scripting (register_globals) * #168315, backport * #89218, backport * #204855, backport Drupal 5.6 Release Notes * SA-2008-005 - Drupal core - Cross site request forgery * SA-2008-006 - Drupal core - Cross site scripting (UTF8) * SA-2008-007 - Drupal core - Cross site scripting (register_globals) * #173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files * #179164 by Heine: sort modules by name on the module admin page * #199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery * #199084 by chx: better conformance with ISO date formats in our xmlrpc code * #173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for . * #89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing. * #64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query. * #200338 by m3avrck and quicksketch: fix transparent GIF resizing * #194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing * #182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request * - Patch #201894 by David Rothstein: fixed typo in user output. * #180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly * #115689 by chx: new content types should not overwrite old ones. Backport by Pancho. * #203727 by Arancaytar. More effectively use hook API. * #204855 by webernet. Add missing * in documentation. * #168315 by schuyler1d: previous active database name was not consistently returned in db_set_active() * - Patch #199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes. * #194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format * #166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages. * #58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing. * Partial backport of #112715 to fix #124641. Drupal 6 RC 2 Release Notes Since the first release candidate, they have fixed various issues including the security fixes that come with Drupal 5.6 and others involving caching filtered content, menu item inheritance, missing breadcrumbs, better error reporting in the installer and updates, some translatability issues and lots of code style cleanups, and other small fixes. The most notable usability improvement since Drupal 6.0 RC1 is that the files directory is now automatically created in sites/default.