Drupal 6.9 and 5.15 released, fixing security issues More information can be found -> HERE Drupal 6.9 and Drupal 5.15, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. Drupal 6.9 Release Note * SA-CORE-2009-001- Drupal core - Multiple vulnerabilities * - Patch #331708 by chx: poll_choice_js uses FAPI2. * - Patch #350708 by dww: t() documentation clean-up. * #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on. * - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME. * - Patch #353886 by killes: too many arguments to SQL query in locale import. * - Rollback of #325908. * #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import * #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions * #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running) * #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user * #308526 by chx: Also reset actions_list() cache on actions_synchronize() * #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on * #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text * #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used * #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas * #347485 by cdale: only add upload submit handler if the upload form is added * #344052 by salvis: remove unused $update_node variable from node module * #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element() * #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url() * #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted * #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished Drupal 5.15 Release Note * SA-CORE-2009-001 Drupal core - Multiple vulnerabilities * #348269 by Darren Oh. Add missing * in the expand_password_confirm() comment. * #202688. Backport from 6.x. * #103528 by gpk, hass & salvis. Provide a useful message when the color picker is disabled due to the download method. * #350708 by dww. Backport t() documentation improvements from D6. * #157353 by Freso and tangent. Remove a needless dash from RSS feed title. * #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas * #252921 by k4ml. Use correct placeholder. * #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text * - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database. * #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted