Drupal 6.12 and 5.18 released, fixing security issues More information can be found -> HERE Drupal 6.12 and 5.18, maintenance releases fixing problems reported using the bug tracking system, as well as a critical security vulnerability, are now available for download. Both releases fix some other smaller issues as well. Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. Important update notes It is important to run update.php. These releases did not change the .htaccess, robots.txt and (default.)settings.php files, so you can keep your existing files intact, if you have modifications in them. Drupal 6.12 Release Note * SA-CORE-2009-006 - Drupal core - Cross site scripting * #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is. * #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth. * #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects * #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does. Drupal 5.18 Release Note * SA-CORE-2009-006 Drupal core - Cross site scripting * #396224 partial rollback of SA-CORE-2009-003 security hardening. * #396224 adding missing documentation comment update. By dvessel and pwolanin. * #267305 by brianV. Remove ?>. * #305544 by jsenich. Add missing clear-block to admin by modules. * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient.