release

Security fixes in 6.16:

Installation cross site scripting
A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed.

Open redirection
The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL.

The fifteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

SA-CORE-2009-009 - Drupal Core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 6.14 release:

Drupal 6.10 and 5.16, maintenance releases fixing problems reported using the bug tracking system, as well as a critical security vulnerability, are now available for download.
Drupal 5.16 and 6.10 were released in response to the discovery of a security vulnerability. Details can be found in the official security advisories:

Drupal 6.9 and Drupal 5.15, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Read more to find out about security vulnerabilities found there.

Right after the 6.7 and 5.13 comes new minor release, removing an incompatibility with versions of PHP before 5.2 released in the earlier versions. Can't say that i don't like "release early, release often" open source principle, but this is really early and really often.

Drupal 6.7 and Drupal 5.13, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Read more to find out about security vulnerabilities found there.