5.x

Changes since DRUPAL-5--1-7:

• by Dave Reid: Updated role permissions on module enable.
• by Dave Reid: Use proper hooks for updating permissions when node types or CCK fields change.
• #447940 by gcassie, Robin Monks, acrollet, Sweetchack, Dave Reid | Steve Dondley: Added variable for permissions to exclude from the administrator role.
• #819324 by Dave Reid: Add a message about the new user role on install.

Aktualizovane retazce pre Drupal 5.23

Contains a fix for an SQL error on update's creation of the openid_nonce table.

This release also contains a new update that adds the openid_nonce table when you ran the update in 5.x-1.4.

See the issue @ #880604: SQL error in upgrade to v5.x-1.4

SA-CONTRIB-2010-086 - Prepopulate - Access Bypass

The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form.

The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter.

See http://drupal.org/node/880696 for more information.

The twenty-third maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

Contains fixes for SA-CONTRIB-2010-084 - OpenID - Authentication bypass

Important: A bug in this release causes the update to malfunction. Do not install this version, but use 5.x-1.5 instead.

5.x-1.5 also contains an update for those users who had the misfortune to update to 5.x-1.4.

I apologize for the trouble I've caused to you.