Drupal 6.21, 6.22, 7.1, and 7.2 were release yesterday. Drupal 6.21 fixes a reflected cross-site scripting vulnerability in the error handler and a cross-site scripting vulnerability in the Colors module. Drupal 7.1 fixes a cross-site scripting vulnerability in the Colors module and a access bypass in the File module. Drupal 6.22 and 7.2 include bug fixes in addition to the security vulnerabilities included in 6.21 and 7.2. The dual releases were put out to try “to make it easier and quicker to roll out security updates by making security-only releases available as well as ones with bugfixes included“.
More information is available in the security advisory and the release notes for 6.21, 6.22, 7.1, and 7.2.
