February 24th, 2016
Drupal 8.0.4, Drupal 7.43, and Drupal 6.38, maintenance releases which contain fixes for security vulnerabilities, are now available for download.
Upgrading your existing Drupal 8, 7, and 6 sites is strongly recommended. There are no new features nor non-security-related bug fixes in these releases. For more information about the Drupal 8.0.x release series, consult the Drupal 8 overview. More information on the Drupal 7.x release series can be found in the Drupal 7.0 release announcement, and more information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.
We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 8 and 7 include the built-in Update Manager module, which informs you about important updates to your modules and themes. Drupal 6 has reached its end of life (EOL) and will not get further updates.
Drupal 6 has reached its end of life (EOL), so it will not receive further bug fixes or official releases.
Drupal 8.0.4, 7.43, and 6.38 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisories:
- Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
To fix the security problem, please upgrade to either Drupal 8.0.4, Drupal 7.43, or Drupal 6.38.