Two new releases of the extremely popular open source content management system, Drupal, are available for public consumption. These new versions cover both the 5.x series and the 6.x series.
From the announcement:
Drupal 5.21 and 6.15 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security problem, you can either (1) upgrade Drupal or (2) patch Drupal.
We strongly recommend you do a full upgrade (which is also detailed in the security announcement) as the patches do not contain the additional bug fixes that went into the releases. Applying the patches will leave your site in an unversioned state and confuse the update status module, which will keep reminding you to upgrade to 6.15 or 5.21. Please read the announcement for details on the patch.
If you still prefer to patch Drupal, apply the http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-6.14.patch file to your Drupal 6.14 codebase or http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-5.20.patch to your Drupal 5.20 codebase.