As expected, this week the Drupal development team released Drupal 7.3 and Drupal 7.4. 

Drupal 7.3, a maintenance release which fixes security vulnerabilities is now available for download.

Drupal 7.4 also fixes other issues reported through the bug tracking system.

Upgrading your existing Drupal 7 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

I usually don't mention upgrades of content management systems that introduce no new features to the user. However, this particular upgrade was personal as it rolled back some previous changes that were causing a lot of grief for a number of contributed modules I want to use on this site.  Needless to say, I upgraded my sites to Drupal 7.4 within hours after the new version was made available to the public.

A couple months ago, Technorati announced that users of Wordpress needed to upgrade to the latest available version (now at Version 2.5). This week, Technorati announced that blogs remaining vulnerable to identified security exploits may no longer be indexed by their service.

Because of this ongoing problem, we're discontinuing processing crawls of blogs that exhibit common symptoms of being compromised. We strongly recommend upgrading your WordPress installation. Even if you haven't been afflicted by a compromise, by the time you are aware that you have been a number of negative consequences may have already occurred (for instance, flagged spam by Technorati, Google or Yahoo!) -- this has been reported by many WordPress users.

By not upgrading your software, the search engine services may block your site from being listed. I can't think of a greater incentive to update your content management software to the latest version than the threat of being delisted. This is a bold move by Technorati. I'm personally glad Technorati is taking a stand against sites hosting older versions of Wordpress with the known security holes. In my opinion, there really isn't a good reason you shouldn't be upgrading your Wordpress site to the latest version.

For those that are curious, I've started an image gallery of screenshots I've taken while playing with Drupal 6. Not much in the gallery yet, but I'll place more in their from my weekend visits with Drupal 6.

CMS Made Simple 1.0.3 was released to fix a number of bugs and security issues. Some of the changes in 1.0.3 as reported in the ChangeLog since CMS Made Simple 1.0.2 was released include:

• Fixed several non-permenant XSS vulnerabilities- Fixed issue with breadcrumbs plugin displaying root node multiple times
• Fixed issue with multiple events being entered
• Removed global references to $db from the admin and include.php
• Added event for "Change Group Permissions"
• Fixed issue where 2 installs on the same domain shared login sessions
• Changed search schema layout
• Now allows for expiration dates on entries
• Added catpcha module support to the contact_form plugin (you still need to manually install the Captcha module for this to work)

Are you tired of all the Drupal and Wordpress posts we've been doing lately here at CMS Report? Not my fault...I only report the CMS news! The fact is that among the open source CMS that I post about...both Drupal and Wordpress have been churning out a lot since the New Year started. The release of Wordpress 2.0.7 is just a good example as any.

Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Interestingly, if you are upgrading from Wordpress 2.0.6, you don't want to do a complete update. Instead, you can just copy over the following six files to get you at version 2.0.7:

The final version of SMF 1.1 is out. That's right, as far as 1.1 goes, no more release candidates for this forum software.

SMF is by far one of the easiest Web applications to install and upgrade that I have come across. In fact I upgraded my WebCMS Forum within 24 hours of the release and haven't looked backed. Though, I'm giving a week or two for some burn in time before I upgrade a client's site.

Instead of listing all the new features since 1.0, below are the major changes since SMF 1.1 RC3 was released. Release candidates in SMF are typically stable and introduce new features. In fact most open source projects would actually have given the RCs new version numbers.

Significant changes between SMF 1.1 RC3 and SMF 1.1 include:

• Option to require visual verification when sending a personal message
• Adjusted readability of visual verification system
• Added option to limit number of personal messages that can be sent per hour
• Fixed several javascript errors
• Fixed time offset bug
• Disallowed multiple failures with visual verification
• Made several UTF8 fixes
• Fixed various undefined index errors

You can read the SMF 1.1 announcement at Simple Machines by clicking here.

"Corporate buyers may be slow to adopt the new operating system and Office business programs."

Complete Story

A debate that is going on among many CMS projects. Ryan Boren asks if it's time for Wordpress to drop support for MySQL 3.23?

WordPress currently requires MySQL 3.23.23 or greater. We’ve long avoid bumping our requirements so that we could accommodate the widest variety of hosting environments. We understand that people don’t want to upgrade a platform that is working just fine for them. However, supporting these older versions adds development and support costs. Recently, a commit went into trunk that bumped the MySQL requirement from 3.23.23 to 4.0 or greater. Considering that MySQL AB is dropping support for 3.23 and no longer provides binary downloads for 3.23, is it time for WordPress to move on? How many of you are still running 3.23?

You also may want to note that he proposes putting minimum support for MySQL starting with version 4.0. Shouldn't we just get through the pain of an upgrade in one try...how about minimum support for MySQL 4.1? I also know some MySQL fanatics that argue most database users should be at MySQL 5.x.

Complete Story

Nucleus version 3.24 has been released:

This release fixes a recently discovered cross site scripting issue. While there are no new features in this release, upgrading is recommended when your Nucleus installation has the "Allow Visitors to Create a Member Account" option enabled.

Click here for the original post at nucleuscms.org as well as download links.

By the way, thanks to the folks at Nucleus for recommending users to upgrade to the new version and not saying that it is a required or mandatory upgrade. I don't know why that gets my goat, but the rebel geek inside of me always resists doing what others think I should be required to do.

Wordpress 2.0.5 was released late last week. This new version of Wordpress mainly contains bugfixes, security fixes, and some very minor enhancements. According to the original announcement at Wordpress.org, the fixes center around feeds, custom fields, and internationalization. Links to download Wordpress 2.0.5 are available at the "official" Wordpress 2 download page.

Also, some Wordpress users after upgrading to version 2.0.5 have experienced Server 500 errors. If you are one of these unfortunate users, check out Mark Jaquith's blog for a plug-in that should fix this known problem.

"A Cross-Site-Scripting (XSS) problem has been discovered in indexed search."

Complete Story

"Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC for download here. and is being designated a Critical Security Release."

Complete Story

"The XOOPS development team is pleased to announce the release of XOOPS 2.0.15.
This is mainly a maintenance release containing various bugfixes. It also provides security enhancements and thus all 2.0.x users are strongly advised to upgrade.

You can download it from the 2.0.15 release notes page."

Complete Story

Upgrading your existing Drupal sites is strongly recommended.

Download

• Drupal 4.7.3 can be downloaded from http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.3.tar.gz.
• Drupal 4.6.9 can be downloaded from http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.9.tar.gz."