Submitted by donty on Tue, 2009/06/23 - 01:47
Hi All
This will sound like a whinge, but it looks like the Turnkey Drupal 6.11 may have a serious cross-site scripting error which was patched and updated by Drupal on 13th May but hasn't made it into the Turnkey ISO or repositories.
Just wondered since XSS is so big a pain whether it could be included quickly to avoid proliferation?
Good point
FYI, though we realize both can have serious consequences, we usually consider XSS vulnerabilities to be of lower priority than remote execution vulnerabilities. Especially in the middle of a development cycle.
Anyhow, note that just like with any other installation of Drupal on Ubuntu you can always apply a patch by hand. We've been importing the Drupal packages from Debian unstable after we test them. You could always install that package and do the testing yourself. If possible report back to the community so we can build on your experience.
Tested and updated package archive
Anyway, you can read more in the update announcements for drupal5 and drupal6.
That's great news,