Downloads

Download drupal-6.10.tar.gztar.gz 1.03 MB
MD5: d8f222c260556b5d7c3ff41bdd251b3c
SHA-1: fcdaa4f1eb10678a11e888c70aeeb0b9c84da6c6
SHA-256: 1b95ff70c10da0467dafce620d099bd71230b4f27a5bcc70d08cf7066e910816
Download drupal-6.10.zipzip 1.2 MB
MD5: b87597c62db72090fa655669a7b3a788
SHA-1: fab5bb7c9f253a1ca6effa0f6a9203a7818c8854
SHA-256: 198b2046011fe44bf3dcd2937a2ac83f8532380df61daa95b768bc957b4faa1a

Release notes

The tenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

In addition to this security vulnerability, the following bugs have been fixed since the 6.9 release:

  • - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker.
  • #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed.
  • #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value
  • #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable().
  • #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
  • #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link
  • #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output
  • #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting
  • #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all.
  • #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice.
  • #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys'
  • #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice
  • #314286 backport of some of #229129 by assimonds: disbaled checkboxes did not receive their values properly from the default value set
  • #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead
  • #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined
  • #276174 by nbz, John Morahan, slightly modified: do not escape username more then once at multiple places in blog.module
  • #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms()
  • #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language
  • #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making itpossible to write modules extending menu item manipulation
  • - Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited.
  • #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6
  • - Patch #381438 by drumm: do not use page cache for drupal.sh requests.
  • #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be
  • #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostreSQL does not support that
  • #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi()
  • #383724 by Heine, bjaspan: SA-CORE-2009-003

What’s next?

  1. Learn how to install Drupal
  2. Learn how to update Drupal
  3. Extend Drupal to do more
  4. Get training
  5. Check out what others built
Created by: Gábor Hojtsy
Created on: 25 Feb 2009 at 21:05 UTC
Last updated: 31 Jul 2018 at 17:29 UTC
Security update
Bug fixes
Insecure

Other releases