The ninth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:
- - Patch #331708 by chx: poll_choice_js uses FAPI2.
- - Patch #350708 by dww: t() documentation clean-up.
- - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
- - Patch #353886 by killes: too many arguments to SQL query in locale import.
- - Rollback of #325908.
- #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
- #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
- #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
- #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
- #308526 by chx: Also reset actions_list() cache on actions_synchronize()
- #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
- #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
- #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
- #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
- #347485 by cdale: only add upload submit handler if the upload form is added
- #344052 by salvis: remove unused $update_node variable from node module
- #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
- #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
- #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
- #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished