commons 7.x-3.5

For full release notes and upgrade instructions, please see http://docs.acquia.com/commons.

Drupal Commons 3.5 (Drupal 7.24 core) contains the following features and updates:

Note

Due to vulnerabilities identified in previous versions of Drupal, Drupal 7.24 requires you to modify your .htaccess file to fully resolve a code execution prevention vulnerability on existing Apache installations. If you're upgrading to Drupal Commons 3.5 from a previous version of Drupal or Drupal Commons and your hosting environment uses Apache, use the full upgrade instructions at Upgrading Drupal Commons.

Resolved security alerts

This version of Drupal Commons resolves the following security alerts identified on drupal.org:

• SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
• SA-CONTRIB-2013-095 - Organic Groups - Access bypass
• SA-CONTRIB-2013-096 - Entity reference - Access bypass

If you have installed a previous version of Drupal Commons, we strongly encourage you to upgrade your environment to address these issues.

Drupal core and module updates

• Updated Drupal core to 7.24
• Updated Apache Solr Search to 7.x-1.6 (#2140493 by Devin Carlson)
• Updated Entity cache to 7.x-1.2 (#2130129 by Devin Carlson)
• Updated Entity reference to 7.x-1.1
• Updated Features to 7.x-2.0 (#2116875 by Devin Carlson)
• Updated Lingotek Translation to 7.x-4.09 (#2140489 by Devin Carlson)
• Updated Message-subscribe to 7.x-1.0-rc1 (#2134339 by Devin Carlson)
• Updated Mollom to 7.x-2.8 (#2140485 by Devin Carlson)
• Updated Organic groups to 7.x-2.4
• Updated Paranoia to 7.x-1.3 (#2134379 by Devin Carlson)
• Updated Redirect 403 to User Login to 7.x-1.7 (#2130123 by Devin Carlson)
• Removed Registry Rebuild (#2114717 by Devin Carlson)
• Updated Rules to 7.x-2.6 (#2130065 by Devin Carlson)

Fixes issues

• Add Modernizr library.
• Remove redundant trusted contacts group validation check.
• #2131877 by japerry, Devin carlson: update 'display in bw widget' form to be checked by default if a feature indicates so.
• #2130469 by jastraat: Cleanup some JS syntax errors that breaks IE8 and other browsers
• #2088421 by japerry, slowflyer: Add comment message notify for comments that aren't in groups.
• #2105133 by barisw, japerry: change radioactivity to empty instead of isset
• #2135785 by umtj, japerry: add OG depedency to bw_widget.
• #2135243 by Devin Carlson: Enabled the RDF and Schema.org modules during installation.
• #1844152 by Zarabadoo: Report as inappropriate links as hoverovers on content.
• #2131761 by japerry, Devin Carlson: add txt as a valid document type
• #2130065 by Devin Carlson: Accommodated the new OWNER property in Commons: KISSmetrics.
• #2123297 by Devin Carlson: Implemented the exclusive property introduced in Drupal 7.22 which allows for the automatic selection of an installation profile without hacking or patching core.
• #2127735 by Devin Carlson: Fixed Commons Events no longer unnecessarily depends on the RDF and Schemaorg modules.
• #2129345 by japerry: allow users to cancel if event is full and they are already registered
• #2124353 by Devin Carlson: Updated Lingotek Translation to 7.x-4.08.
• #2123249 by japerry: Removed datestamp, project and version identifiers from Commons modules in order to prevent them from showing as unsupported.
• #2123297 by japerry: add exclusive tag to commons
• #2123249 by japerry: Remove datestamp, project, version identifiers from commons info files
• Restored the standard order for including the Voting API project now that the dev profile has been removed.
• Alphabetized the list of included modules, themes and libraries.
• #2071047 by Devin Carlson: Fixed sticky content is displayed at the bottom of lists instead of the top.
• #2115097 by Devin Carlson: Fixed posting content into groups using the browsing widget short form was impossible by correcting a typo.