The new version fixes:
- Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element.
- Cross-site Scripting - Autocomplete system - Drupal 6 and 7: A cross-site scripting vulnerability was found in the autocomplete functionality of forms. The requested URL is not sufficiently sanitized.
- And other changes that you can check in the official security advisory.
You should patch your Drupal version as soon as possible. You can follow the step-by-step instructions via this blog post. Stated simply, you will need to ssh to your machine, ssh to the Drupal installation directory and execute drush.
$ cd /opt/bitnami/apps/drupal/htdocs
$ drush up
If everything goes well, you should see something similar to the following:
Project drupal was updated successfully. Installed version is now 7.39.
Backups were saved into the directory /home/bitnami/drush-backups/bitnami_drupal7/20150820155354/drupal. [ok]
No database updates required [success]
'all' cache was cleared. [success]
Finished performing updates. [ok]
Have questions about Bitnami Drupal? Post to our community forum, and we would be happy to help you.