Drupal 5.9 released, fixing security issues Drupal 5.9 has been released to correct a vulnerability that was inadvertantly left in Drupal 5.8 Drupal 5.9 Release Note The ninth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release. This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-046 - Drupal core - Session fixation In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release: * #281042 by schuyler1d. Render blocks before CSS and JS header generation. * #232433 by Damien Tournoud. Use non-localized date for RSS. * #281494 by beeradb. Code style. * #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0. * #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility. * #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions * #280934. Make sure session is always regenerated.