Drupal 4.7.9 and 5.4 are now available HERE

Drupal 4.7.9 Release Notes
- SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

Drupal 5.4 Release Notes
- SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
- #178478 by scor: typo in text displyed when the DB is installed but not accessible
- Patch #122759 by Robrecht: fixed broken query in upgrade path.
- #55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited
- Patch #181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level.
- #184668 by hazexp, Remove unnecessary ';'
- Patch #182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
- #93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module
- #154388 (backport of #172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered.
- #171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in
- Patch #168829 by Neil Drumm: fixed link in documentation.
- #165924 by odious. Use accurate count query for user list.
- #187601 by Bart Jansens. Use correct HTTP status codes for redirects.
- #180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected
- #134984 by mikesmullin. Fix x2 coordinate for rendering gradients.

Drupal 6 Beta 4 Release Notes
Changes made since the release of Drupal 6.0 beta 3 include several multilingual support fixes, caching improvements, more clear help texts, drag and drop support for book outlines, user profile administration, taxonomy pages and file uploads, and fixes to node teaser generation. With the right to left version of the pushbutton theme, we also completed RTL support for all core themes. We have also hardened the security of the system, closing potential cross site scripting (XSS) and cross site request forgery (CSRF) security holes. This beta release also includes the security updates released in Drupal 5.4 and 4.7.9.