Now
MAIN commitmail json YAML
The following bug has been fixed since the 6.7 release:
* Rolling back #280934. PHP 4 incompatibility.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-001- Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:
* - Patch #331708 by chx: poll_choice_js uses FAPI2.
* - Patch #350708 by dww: t() documentation clean-up.
* #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on.
* - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
* - Patch #353886 by killes: too many arguments to SQL query in locale import.
* - Rollback of #325908.
* #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
* #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
* #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
* #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
* #308526 by chx: Also reset actions_list() cache on actions_synchronize()
* #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
* #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
* #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
* #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
* #347485 by cdale: only add upload submit handler if the upload form is added
* #344052 by salvis: remove unused $update_node variable from node module
* #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
* #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
* #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
* #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished
* Rolling back #280934. PHP 4 incompatibility.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-001- Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:
* - Patch #331708 by chx: poll_choice_js uses FAPI2.
* - Patch #350708 by dww: t() documentation clean-up.
* #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on.
* - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
* - Patch #353886 by killes: too many arguments to SQL query in locale import.
* - Rollback of #325908.
* #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
* #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
* #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
* #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
* #308526 by chx: Also reset actions_list() cache on actions_synchronize()
* #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
* #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
* #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
* #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
* #347485 by cdale: only add upload submit handler if the upload form is added
* #344052 by salvis: remove unused $update_node variable from node module
* #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
* #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
* #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
* #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished