drupal 7.35

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

• Existing time-dependent user links (for example, one-time login links and password reset links) will be automatically invalidated when this release is deployed. If users request new links after the release, they should work correctly.
• Certain time-dependent user links generated by versions 7.x-1.4 and earlier of the LoginToboggan module will not work at all with Drupal 7.35 (see this issue). The solution is to upgrade to LoginToboggan 7.x-1.5 or higher.
• Time-dependent user links generated by other contributed or custom modules should work in most circumstances, but will result in PHP warnings until the module has been updated for the user_pass_rehash() changes discussed in the "major changes" section below.

Major changes since 7.34:

• The user_pass_rehash() function now requires the user account ID to be passed in
• External URLs can no longer be passed through the "destination" query parameter