Releases for CAPTCHA

Release notes

Note about upgrading

In case you already using CAPTCHA 7.x-1.0-alpha2: the upgrade should be seamless.

In case you already tried/worked with CAPTCHA 7.x-1.0-alpha1: there is no upgrade path from 7.x-1.0-alpha1 and 7.x-1.0-alpha3. If you try to upgrade, you will get database errors. Instead, you should first uninstall the CAPTCHA module and reinstall 7.x-1.0-alpha3 (like a fresh install).

When upgrading from CAPTCHA 6.x-2.x (for Drupal 6), it is required to first upgrade to CAPTCHA 6.x-2.4 (or higher within the 6.x-2.x branch) first, otherwise the upgrade will fail (issues #1021244: Prevent upgrading directly from 6.x-2.3 (or earlier) to 7.x-1.x).

Changes since 7.x-1.0-alpha2:

• #976436 by matheusgorino, soxofaan: Adds an ob_end_clean to prevent the output image from being corrupted.
• #1024370 by soxofaan, nineLemon, Pancho, slashrsm: Prevents CAPTCHA from failing in certain forms
• fixing captcha.js identation
• Removing translation directories
• Stripping CVS keywords
• #881156 by elachlan and soxofaan: disable autocomplete on CAPTCHA response field with javascript (instead of with non-standard markup)
• #1049482 by jweowu: fix for schema mismatch

Release notes

The Happy 2011 release

Yet a step closer to getting this module properly ported to Drupal 7.

Note about upgrading

In case you already tried/worked with CAPTCHA 7.x-1.0-alpha1: there is no upgrade path from 7.x-1.0-alpha1 and 7.x-1.0-alpha2. If you try to upgrade, you will get database errors. Instead, you should first uninstall the CAPTCHA module and reinstall 7.x-1.0-alpha2 (like a fresh install).

When upgrading from CAPTCHA 6.x-2.x (for Drupal 6), it is required to first upgrade to CAPTCHA 6.x-2.4 (or higher within the 6.x-2.x branch) first, otherwise the upgrade will fail (issues #1021244: Prevent upgrading directly from 6.x-2.3 (or earlier) to 7.x-1.x and #1040324: Install / Update Modules results in AJAX HTTP error do to db_add_column() call ).

Changes since DRUPAL-7--1-0-ALPHA1:

• #983254: fixed simple math fall back for image captcha in maintenance mode
• #978530 by elachlan and soxofaan: added image CAPTCHA dimensions to markup
• #810534: protection against CAPTCHA session reuse attacks, port of http://drupal.org/node/810534#comment-3158926, http://drupal.org/node/995748 and http://drupal.org/node/844148
• fixed/ported theme_captcha()
• various refactoring things to synchronize captcha.test for D6 and D7
• ported tests for CAPTCHA point administration

Release notes

Fix for Session reuse hack

This release includes the fix for an important bug (#810534: Hack CAPTCHA in 2 step (CAPTCHA session reuse)), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.

For more info: also see the release notes for CAPTCHA 6.x-2.3-RC1 and CAPTCHA 6.x-2.3-RC2.

Minor changes since DRUPAL-6--2-3-RC2:

• typo in German translation (reported by GraemeB)
• #766190: Added button to admin page to clear the CAPTCHA placement cache
• added a touch of extra sanitizing of raw posted data
• #881156 by vivekkhurana: disable autocompletion on CAPTCHA response fields
• #780206: Add warning to Performance settings page about CAPTCHA and caching
• #780206: added warning during installation about page caching and CAPTCHA

All changes since DRUPAL-6--2-2:

Major:

• #810534 by soxofaan: fixed CAPTCHA session reuse hack

Release notes

Why is this release a RC (release candidate)?

This release includes the fix for an important bug (#810534: Hack CAPTCHA in 2 step (CAPTCHA session reuse)), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.
Because the change is rather big, I wanted to be sure the fix didn't break a lot of other things. In the first place, I provided simpletest coverage for the bug, albeit limited to the CAPTCHA protection of some Drupal core forms (login form, comment form and node form). However, I wanted also some manual testing on real world sites and use cases, but I got only one (positive) response in #810534: Hack CAPTCHA in 2 step (CAPTCHA session reuse).
To avoid that the lack of manual testing would block the commit of the fix, I decided to commit it and release the fixed version as a release candidate for 6-x.2.3. This way there is more real world testing, while still making it clear that the release could still have some issues. If you want stability and don't trust release candidate: stay at CAPTCHA 6.x-2.2. On the other hand, in terms of simple test coverage, CAPTCHA 6.x-2.3-RC1 could be considered more stable than CAPTCHA 6.x-2.2 as the coverage has increased.

Important changes since DRUPAL-6--2-2:

Release notes

Changes since DRUPAL-6--2-1:

• Security update: added filtering against XSS on the CAPTCHA description (with test coverage)
• Various translation updates and fixes
• #349218: On some setups, imagettfbbox returns a corrupt bounding box (causing a missing first character in the CAPTCHA image), which can be worked around by calling it a second time.
• #534168: refactored code for getting posted CAPTCHA info (makes code cleaner) and added workaround for IE7 issue
• #699552: fonts not working with default setup
• #714414: fixed regression: preview on comments did not respect persistence
• #704110: prevent installation of image CAPTCHA module when no GD available
• #545526 by eMPee584 and soxofaan: fixes some undefined index warnings

Release notes

A new year, a new release from the CAPTCHA 6.x-2.x branch. Changes since previous release (6.x-2.0):

New features in image CAPTCHA:

• #571344: use multiple fonts in image CAPTCHA.
• Added font previews on admin page
• #644046: image CAPTCHA ignores spaces in the user's response (lower barrier for humans, but not easier for bots)
• added small random rotation to characters in image CAPTCHA

Some minor bug fixes

• #586232: 2nd argument call_user_func_array() should be array
• #586232: call_user_func_array() call problem
• #662398: better update path from 5.x-3.x or 6.x-1.x: change text CAPTCHA (which was removed) to simple math CAPTCHA

And further

• Various translation updates
• updated outdated readme file and added note about caching
• minor code cleanup/reordering and documentation updates

Release notes

This release is intended to be the last release candidate before a final CAPTCHA 6.x-2.0 version.

Feature-wise, the goals of CAPTCHA 6.x-2.0 are completed and there are no critical or outstanding bug reports left. However, I decided not to go for a final 6.x-2.0 version because of the following.
This 6.x-2.0-RC3 release is the milestone where the CAPTCHA 6.x-2.x branch becomes the recommended branch for Drupal 6 and the 6.x-1.x branch becomes deprecated (it was already unmaintained for many moons). Switching the "recommendedness" on a release candidate is mainly to increase usage of the 6.x-2.x branch (which is now roughly at 5000) at the expense of the 6.x-1.x branch (which is now roughly at 22000), collecting more feedback and possibly work out some more kinks before the final CAPTCHA 6.x-2.0 version.

Release notes

Changes since DRUPAL-6--2-0-BETA5:

• #463002: dropping the preprocess op in hook_captcha()
• hardcoded CAPTCHA placement on comment_form: the 'Submit' button can be omitted on first submission, which confuses the automatic placement detection.
• fixed problem with CAPTCHA description still showing up after comment preview with correct CAPTCHA response and added test for this
• #467618: made CAPTCHA element placement more foolproof, e.g. when there are no buttons on a form
• added forum_node_form to the default form_ids on install
• fixed problem with node previews (CAPTCHA session ID was not reused, so no multipage form persistence)
• captcha_set_form_id_setting() now also accepts an object with module and type attributes
• #472144 by hctom and soxofaan: PHP error on CAPTCHA admin form submit when no CAPTCHA points defined

Release notes

Changes since DRUPAL-6--2-0-BETA3:

• implemented admin mode CAPTCHAs (presolved and no validation)
• added simpletest file captcha.test and removed old version of simpletest file
• renamed _captcha_update_captcha_point() to captcha_set_form_id_setting().
• #384814: better checking of TTF support
• removed the double vision feature, which was not very usefull.
• made noise level more fine grained
• various refactoring and code cleanups