On the October 17, 2012 Drupal has released their latest update to the Drupal 7 Series from 7.15 to 7.16.
There is no major new functionality due to the fact that new features are only being added to the forthcoming Drupal 8.0 release. This release fixes security vulnerabilities. Sites are urged to upgrade immediately.
The release notes are as follows:
* SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure
No other fixes are included.
No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.
As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations).
A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers. However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.