May 25th, 2011
Drupal 7.1 and 6.21, maintenance releases which fix security vulnerabilities are now available for download.
Drupal 7.2 and 6.22 also fix other issues reported through the bug tracking system.
Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement, more information on the 6.x releases can be found in the Drupal 6.0 release announcement. Drupal 5 is no longer maintained, upgrading to Drupal 6 is recommended.
We have a security announcement mailing list, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 7 and 6 include the built-in Update status module, which informs you about important updates to your modules and themes.
Drupal 7.1 only includes fixes for security issues. Drupal 7.2 also includes bugfixes. The full list of changes between the 7.0 and 7.2 releases can be found by reading the 7.2 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.
Drupal 6.21 only includes fixes for security issues. Drupal 6.22 also includes bugfixes. The full list of changes between the 6.20 and 6.22 releases can be found by reading the 6.22 release notes. A complete list of all bug fixes in the stable 6.x branch can be found at git commit log.
Drupal 7.1 and 6.21 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security problem, please upgrade Drupal.
What is included with each release?
We made two versions of both Drupal 7 and 6 available, so you can choose to only include security fixes (Drupal 7.1 and 6.21 respectively) or security fixes and bugfixes (Drupal 7.2 and 6.22). You can choose your preferred version. We are trying to make it easier and quicker to roll out security updates by making security-only releases available as well as ones with bugfixes included. We hope this helps you roll out the fixes as soon as possible. Read more details in the handbook.
The .htaccess file was changed in Drupal 7.2 to allow for simpler server configuration, while the (default.)settings.php just got a minor documentation fix that should not affect any copies. The robots.txt file did not change in Drupal 7.
The robots.txt file was changed in Drupal 6.22 to allow crawlers to index the contact page. The .htaccess and (default.)settings.php files were not changed in Drupal 6.
When updating to Drupal 6.22, you might loose some of your block configuration. Follow #1173012: Blocks lose settings during update.php and cache clears for more information. If you need to update to Drupal 6.22 and experience this issue in testing, you can roll back the patch from #235673: Changes to block caching mode not caught.