Release Notes: A major overhaul of the underlying design, replacing/rewriting existing modules, and various new modules have been added. Among the new modules are a blog module, a poll module, a static page module, a forum module, a collabortive book writing module, a statistics module, and a new content syndication framework to import and export RSS/RDF/XML feeds.
Release Notes: Multiple vulnerabilities were fixed related to optimistic cross-site request forgery protection in the Form API validation, multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() which affected the Form API, OpenID and random password generation, code execution prevention using the files directory .htaccess for Apache, access bypassing for security token validation, cross-site scripting in the image and color modules, and an open redirect in the overlay module.
Release Notes: This release fixes multiple vulnerabilities due to optimistic cross-site request forgery protection, multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand(), code execution prevention, and access bypassing. To fix the code execution prevention vulnerability on existing Apache installations also requires changes to your site's .htaccess files in the files directories.
Release Notes: Resolves a vulnerability that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. An arbitrary PHP code execution vulnerability was also fixed in the file upload module.
Release Notes: Resolves security issues with an access bypass in the user and upload modules as well as arbitrary PHP code execution in the file upload module.
Release Notes: This is a maintenance release. It includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release. No security fixes are included in this release. Besides documentation fixes, no changes have been made to the .htaccess, robots.txt, or settings.php files in this release, so upgrading custom versions of those files is not necessary.