Thursday, August 20, 2015

Security release: Drupal 6 and 7

The Drupal project released a new version that fixes several security issues; upgrading your existing Drupal 7 and 6 sites is strongly recommended.


The new version fixes:
  • Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element.
  • Cross-site Scripting - Autocomplete system - Drupal 6 and 7: A cross-site scripting vulnerability was found in the autocomplete functionality of forms. The requested URL is not sufficiently sanitized.
  • And other changes that you can check in the official security advisory
In response to the new version we have released Bitnami Drupal 7 and 6 installers, virtual machines, and Amazon EC2, Google, Azure, VMware and DigitalOcean cloud images that fix these issues. There are no new features or non-security related bug fixes in these releases.


You should patch your Drupal version as soon as possible. You can follow the step-by-step instructions via this blog post. Stated simply, you will need to ssh to your machine, change to the Drupal installation directory and execute drush.

$ cd /opt/bitnami/apps/drupal/htdocs
$ drush up


If everything goes well, you should see something similar to the following:

Project drupal was updated successfully. Installed version is now 7.39.
Backups were saved into the directory /home/bitnami/drush-backups/bitnami_drupal7/20150820155354/drupal.                  [ok]
No database updates required                               [success]
'all' cache was cleared.                                   [success]

Finished performing updates.                                    [ok]


Have questions about Bitnami Drupal? Post to our community forum, and we would be happy to help you.