Drupal 6.17, a maintenance release fixing issues reported through the bug tracking system, is now available for download. There are no security fixes in this release. Upgrading your existing Drupal 6 sites is recommended. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement.

Highlights of changes in this release include improvements of session cookie handling, better processing of big XML-RPC payloads, improved PostgreSQL compatibility, better PHP 5.3 and PHP 4 compatibility, improved Japanese support in search module, better browser compatibility of CSS and JS aggregation and improved logging for login failures. An incompatibility of Drupal 6.16's new lock subsystem with some contributed modules was also resolved. In total there were about 55 patches committed to improve Drupal 6.

The full list of changes between the 6.16 and 6.17 releases can be found by reading the 6.17 release notes. A complete list of all bug fixes in the stable DRUPAL-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-6.

Given enough bug fixes (not just bug reports) more maintenance releases will be made available.

Incompatible changes

Drupal 6.17 introduces the following incompatible changes.

Session handling

Drupal 6.17 changes the way session cookies are handled. Most people don't need to have this setting set, but if you have an explicit $cookie_domain set in settings.php, verify that it is set to a sensible value:

  • 'example.com' if you want sessions to apply to the example.com domain, and none of its sub-domains (especially not www.example.com),
  • 'www.example.com' if you want sessions to apply to the www.example.com domain, and none of its sub-domains nor parent domains (especially not example.com),
  • '.example.com' if you want sessions to apply to the example.com domain and all its subdomains (www.example.com, mydomain.example.com, etc.).