Acquia Drupal 1.2.3 is a highly critical security update for all sites running on Windows servers. Changes in this version include:

• Update to Drupal 6.10, including the fix for SA-CORE-2009-003 (arbitrary code execution on Windows servers).

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. The patch fixes the security vulnerability, but does not contain other fixes which were released in Drupal 6.10.

• To patch Acquia Drupal 1.2.2 use SA-CORE-2009-003-6.9.patch.

Notes:

• Acquia Drupal may include released, beta, alpha, or patched modules depending on which version is determined to be the most current, stable, secure and appropriate version for general use.
• Customers updating a production site should always perform a backup first, and, if possible, perform a trial update in a test environment before updating their production site.