Files Changed In Drupal Upgrade From 6.5 - 6.6

Files Changed in Drupal Upgrade from 6.5 to 6.6

Here is a list of files that have been modified since Drupal version 6.5. Image and info files are not included. We will list the directories followed by the files within them that were updated. While we've done our best to maintain their accuracy, we do not guarantee the correctness of these lists, and will not be held responsible for any problems you encounter as a result of their use. If unsure, please follow the official upgrade instructions included in your distribution's download.

Important Security Fixes in Drupal 6.6

FILE INCLUSION

On a server configured for IP-based virtual hosts, Drupal may be caused to
include and execute specifically named files outside of its root directory.
This bug affects both Drupal 5 and Drupal 6.

CROSS SITE SCRIPTING

The title of book pages is not always properly escaped, enabling users with the
"create book content" permission or the permission to edit any node in the book
hierarchy to insert arbitrary HTML and script code into pages. Such a Cross site
scripting attack may lead to the attacker gaining administrator access.

The upgrade to 6.6 is essential. Visit Drupal.org for details.

root

• CHANGELOG.txt
• install.php

includes

• actions.inc
• bootstrap.inc
• common.inc
• database.inc
• file.inc
• form.inc
• menu.inc
• path.inc
• session.inc
• theme.inc
• xmlrpc.inc

misc

• tabledrag.js
• tableheader.js

modules

• block/block.admin.inc
• book/book.admin.inc
• forum/forum-topic-list.tpl.php
• locale/locale.module
• profile/profile.admin.inc
• system/system.admin.inc
• system/system.module
• translation/translation.module
• user/user-profile.tpl.php

note: the above module changes do not include the .info files, which always change. You will need to upload these as well in order for update status to recognize your update. In short, we recommend simply uploading all core module files.