Releases for Drupal core

Release notes

Maintenance release of the Drupal 7 series. Includes fixes for incompatibilities introduced in the Drupal 7.20 security release only.

No security fixes are included in this release; however, sites which were unable to upgrade to Drupal 7.20 (or upgraded but made modifications to disable the security fixes included within it) should upgrade to Drupal 7.21 to obtain additional security protection.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

If you have already upgraded to Drupal 7.20 with no problems this release does not provide any new functionality. You can upgrade to Drupal 7.21 at your leisure, without reading the notes below.

Important update notes:

Drupal 7.20 fixed a fundamental security flaw in the Drupal core Image module and therefore introduced incompatibilities with a number of contributed modules and sites (see the Drupal 7.20 release notes). To help mitigate the effect of these changes, an optional 'image_allow_insecure_derivatives' variable was provided, which sites could use to turn off the security fix.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Placeholder for the Drupal 9.x release. Not intended for actual use by anyone except the issue queue version selector.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Update notes:

As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations).

A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers. However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes only (no new functionality), plus the security fixes from Drupal 7.13 which was released alongside Drupal 7.14.

Major changes since 7.13:

- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
- Split field_bundle_settings out per bundle.
- Improve UX for machine names for fields (UI change).
- Fixed User pictures are not removed properly.
- Fixed HTTPS sessions not working in all cases.
- Fixed Regression: Required radios throw illegal choice error when none selected.
- Fixed allow autocompletion requests to include slashes.
- Eliminate $user->cache and {session}.cache in favor of $_SESSION['cache_expiration'][$bin] (Performance).
- Fixed focus jumps to tab when pressing enter on a form element within tab.
- Fixed race condition in locale() - duplicates in {locales_source}.
- Fixed Missing "Default image" per field instance.
- Quit clobbering people's work when they click the filter tips link
- Form API #states: Fix conditionals to allow OR and XOR constructions.
- Fixed Focus jumps to tab when pressing enter on a form element within tab. (Accessibility)
- Improved performance of node_access queries.

Release notes

The twentysixth maintenance release of the Drupal 6 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release.

Drupal 6.26 builds on top of Drupal 6.25 and includes all the previous bugfixes and security improvements. The complete list of changes committed since Drupal 6.25 are as follows:

• #1145700 by jbrown, mr.baileys, joachim: harden link display on dblogoverview screen in case the link might be dependent on user input with any contrib module
• #183435 by TR, gregmac: make drupal_http_request() more tolerant of faulty newlines in the response headers
• #341588 by voxpelli, mikl, Albert Volkman, dawehner: use the right JSON MIME type in drupal_json()
• #1352272 by Albert Volkman, sven.lauer, LSU_JBob: fix phpdoc for system_settings_overview()
• #260934 by catch, ShawnClark, Jody Lynn, Island Usurper, joshmiller, anrikun, roychri, pdrake, Dave Cohen, sun, plach, bjaspan: When drupal_execute()ing multiple forms with same form_id in a page request, only the first one was validated.
• #784864 by Niklas Fiekas, kbgordon7, rdrh555, lisarex: Link in update.php instructions was pointing to an outdated handbook page. Update it.
• #655048 by Gábor Hojtsy, gumanist, intuited, Albert Volkman: Plural formula information was blanked when importing a poorly-formed .po file.
• #751578 by xamanu, sanduhrs, Gábor Hojtsy: OpenID realm should not be language dependent.
• #800968 by JacobSingh, ksenzee, Big Z: Tabledrag.js should not use for...in to iterate over an array.
• #1446372 by Heine, bserem, champlin: Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails with PCRE 8.30.
• #736556 by Albert Volkman, daniels220, jeckman: Improve theme_links() documentation.
• #300279 by achton, pillarsdotnet, unknownguy: Improve db_query_temporary() documentation to apply even if persistent database connections are used.
• #1441852 by chris.leversuch, cafuego: Better return value documentation for db_query().
• #1436074 by Pat Redmond, tstoeckler, fureigh: Minor documentation fix in the batch_set() docs.
• #1432708 by scorchio, mkalkbrenner: Expand drupal_goto() documentation for query argument.
• #1416212 by pontus_nilsson, ibot: Documentation cleanup for _user_mail_notify().
• #1421330 by Albert Volkman, heyrocker: Crosslink cache_set() and cache_get() documentation with @see.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes only (no new functionality), plus the security fixes from Drupal 7.11 which was released alongside Drupal 7.12.

All changes committed since Drupal 7.10 are as follows:

• #336483 by brianV, catch: Fixed Performance: SELECT MAX(comment_count()) FROM node_comment_statistics() does full table scan.
• #289504 by catch, mikeryan, moshe weitzman: Fixed user_delete() performance: index comment uid columns.
• #1326482 by ryanissamson: Clean up minor code style issues in archiver.inc.
• #996236 by fago, sun, pillarsdotnet, xjm: Fixed drupal_flush_all_caches() does not clear entity info cache.
• Rollback of Issue #1280792 by andypost: Key length too long error.
• #569076 by rocket_nova, wamilton, alonpeer: Test that taxonomy term page contains a link to parent terms in the breadcrumbs.
• #1367000 by chris.leversuch, oriol_e9g, David_Rothstein: Clean up API docs for php module.
• #1421330 by heyrocker: Fixed Add @see for cache_set() and cache_get() .

Release notes

The twentyfourth maintenance release of the Drupal 6 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release.

This release includes the security fixes from Drupal 6.23 which was released alongside Drupal 6.24. No additional security fixes are included.

The complete list of changes committed since Drupal 6.22 are as follows:

• #879270 by Ben Coleman: query in taxonomy_node_get_terms() needs the v.weight field added to the SELECT because it was already present in the ORDER BY; improved PostgreSQL compatibility
• #12274 by markoshust, DamienMcKenna, seanbfuller, cburschka, aufumy: do not accept email addresses with dots at the end as valid
• #600836 by tim.cosgrove, dww, naxoc, Dave Reid: prevent batches from going indefinitely if their 'finished' value becomes bigger than 1
• #289504 by mikeryan, catch, moshe weitzman: backport indexes from Drupal 7 on comments and node_comment_statistics to improve performance of mass-user operations such as deleting users en masse