Drupal is at it again with another round of updated releases. While not major releases, these new versions from Drupal do address a number of security fixes and bugs that were brought to their attention via Drupal’s bug tracking system.

Drupal has announced that there will be no new features added to 6.x or 5.x. They are holding the feature updates and implementation of new features until they are ready to release Drupal 7.x in the near future.

A 7th security update for version 6 and the 13th security update for version 5 may not mean a whole slew of new features, but they do address major security issues.

Security Issues

In both versions there are potential vulnerabilities to users for creating cross site request forgeries as well as cross site scripting. Both of these vulnerabilities could potentially result in database damage or unfiltered content being published inadvertently.

Whether you are using Drupal 6.x or Drupal 5.x, it is highly recommended by the community to update to the newest version to eliminate the potential for security infringements.

There are two options to upgrade:.

Patching or Upgrading Current Drupal Versions

The first option for updating your Drupal version 5.x or 6.x is to simply patch your current core files with the updated ones. This is not the best option as the patch files do not contain certain bug fixes.

The second and best option is to do a full upgrade. This will ensure that all security fixes and bug fixes are addressed in your particular core code. You will also be better prepared for the Drupal 7 update which is expected to contain a number of new features.

It is also highly recommended that you run update.php to refresh the menu cache and other website caches. If you are using custom .htaccess or robot.txt files, you will want to make sure that any custom changes are retained since the updates modify both of these files.

Full upgrade files and patch files can be found here:

If you are using PHP 5.1.x or lower there is a warning that comes up upon login. According to the Drupal Community, “That patch has been rolled back in CVS, and we will be doing a bug fix release on December 11th.”

Get Ready for Drupal 7

Want new Drupal features? You’ll have to wait for Drupal 7 to be released. Until then get the upgrade files and ensure that your site is secure against the malicious threats described above.

If you are interested in learning more about Drupal, DrupalCon DC, the premier conference for Drupal developers, is right around the corner in March. While final submissions for sessions is over, tickets are still available. Get yours today and learn all the ins and outs of Drupal.