Drupal has released its latest batch of updates, 7.39 and 6.37, which remedy multiple security vulnerabilities found in both Drupal 6 and 7. The company is urging users to install the updates and protect themselves from further damage.
“Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases,” said the company in their release.
According to Drupal, the vulnerabilities listed by the company include cross-site scripting in the Ajax system and the autocomplete system, SQL injection, cross-site request forgery (API), information disclosure in menu links (access system) and other smaller vulnerabilities.
“The Ajax system now validates URLs before making an Ajax request. Existing code which uses the Drupal Ajax API in any of the standard ways should continue to work after this update,” said Drupal in their explanation of updates since 7.38.
“In the event you have unusual Ajax code which does not work with Drupal 7.39, you can have your code manually validate the URL in one of two ways. Either add the URL to the “urlIsAjaxTrusted” JavaScript setting (see ajax_pre_render_element() for an example) or call ajax_set_verification_header() in the Ajax callback function to mark the current URL as trusted. Only do this for URLs that you actually trust; Ajax requests in Drupal should never be made to untrusted URLs.”
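The two options in the quoted note, shown as an added example that is not taken from Drupal's release notes or from this article. It assumes a hypothetical Drupal 7 module named example_ajax; the module name, menu paths and element id are made up for illustration.

```php
<?php
/**
 * Implements hook_menu(). Paths and callback names are hypothetical.
 */
function example_ajax_menu() {
  $items['example-ajax'] = array(
    'title' => 'Example',
    'page callback' => 'example_ajax_page',
    'access arguments' => array('access content'),
  );
  $items['example-ajax/refresh'] = array(
    'page callback' => 'example_ajax_refresh',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Option 1: add the endpoint to the "urlIsAjaxTrusted" JavaScript setting on
 * the page whose custom script issues the Ajax request by hand.
 */
function example_ajax_page() {
  // Only a site-local URL generated on the server is marked as trusted.
  // The key has to match the URL string the client-side code requests.
  $url = url('example-ajax/refresh');
  $build['target'] = array(
    '#markup' => '<div id="example-ajax-target"></div>',
    '#attached' => array('js' => array(array(
      'type' => 'setting',
      'data' => array('urlIsAjaxTrusted' => array($url => TRUE)),
    ))),
  );
  return $build;
}

/**
 * Option 2: a legacy-style callback that prints its own JSON marks the
 * current URL as trusted before sending any commands.
 */
function example_ajax_refresh() {
  ajax_set_verification_header();
  // check_plain() escapes the dynamic text before it is inserted as HTML.
  $text = check_plain(format_date(REQUEST_TIME));
  $commands = array(ajax_command_html('#example-ajax-target', $text));
  drupal_json_output($commands);
  drupal_exit();
}
```

Either option on its own satisfies the check; both appear here only so the two approaches can be compared side by side.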
The company is urging users to take advantage of the updates in order to make sure they avoid damage through the security holes in 7.38 and 6.36.