Security Public Service Announcements

False Drupal XSS alarm on BugTraq

Wed, 01/04/2006 - 11:15am

Someone under the pseudonym "Liz0ziM" sent a false security alarm to BugTraq without first contacting the security team:

This vulnerability is fixed in Drupal 4.5.6, 4.6.4 and onwards. Drupal's new XSS filter mechanism takes care of all vulnerabilities listed on (and even more).

If you have already updated to at least 4.5.6 / 4.6.4 then you are safe and you do not need to take any action. If you have not updated yet, then we advise you again to do so ASAP.