------------FALSE DRUPAL XSS ALARM ON BUGTRAQ------------ Someone under the pseudonym "Liz0ziM" sent a false security alarm to BugTraq without first contacting the security team: http://www.securityfocus.com/archive/1/420671/30/0/threaded This vulnerability is fixed in Drupal 4.5.6, 4.6.4 and onwards. Drupal's new XSS filter mechanism takes care of all vulnerabilities listed on http://ha.ckers.org/xss.html (and even more). If you have already updated to at least 4.5.6 / 4.6.4 then you are safe and you do not need to take any action. If you have not updated yet, then we advise you again to do so ASAP. -- Unsubscribe from this newsletter: http://drupal.org/newsletter/confirm/remove/9c03cd30a33509t44