--- - branch: MAIN date: Wed Dec 10 23:55:39 UTC 2008 files: - new: '1.35' old: '1.34' path: pkgsrc/www/drupal/Makefile pathrev: pkgsrc/www/drupal/Makefile@1.35 type: modified - new: '1.26' old: '1.25' path: pkgsrc/www/drupal/distinfo pathrev: pkgsrc/www/drupal/distinfo@1.26 type: modified id: 20081210T235539Z.365f0ad76b947dbaa4f630987d4066bd6fd7101b log: | Update to 5.13 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-073 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release: * #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests. * #278821 by teezee. More isset() checking. * #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication. * #123556 by maartenvg and dvdweide. Do not show empty user info categories. * #294450 by blakehall. Match up DB and form max length. * More code style removing trivial differences with 6.x. * #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis. * - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc. * #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS * #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed. * #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal * #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find. http://drupal.org/node/345467 module: pkgsrc subject: 'CVS commit: pkgsrc/www/drupal' unixtime: '1228953339' user: adrianp