Drupal 6.11 and 5.17 released, fixing security issues More information can be found -> HERE Drupal 6.11 and 5.17, maintenance releases fixing problems reported using the bug tracking system, as well as a critical security vulnerability, are now available for download. Drupal 6.11 also fixes performance issues with the menu cache and update status cache among other smaller issues. Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. Important update notes It is important to run update.php. These releases did not change the .htaccess, robots.txt and (default.)settings.php files, so you can keep your existing files intact, if you have modifications in them. Drupal 6.11 Release Note * SA-CORE-2009-005 - Drupal core - Cross site scripting * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility. * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output * #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation. * #404244 by cwgordon7: minor code style fix in openid_help(). * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser * #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access(). * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving. * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or drupal_access_denied() so that we can properly redirect from those pages. * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value before using it. * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms programatically) are possible in update functions * #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module * #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem. * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo. * - Patch #372414 by JohnAlbin: don't output empty div when no comment exist. * - Patch #228477 by anuradha: corrected Sinhala language. * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators. * #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient * #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview * #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles * #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs) * #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations * #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released * #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared * #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so * #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated * Rolling back #343415 given disputes around its change in Drupal 7. * #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page * #447700 by dww: Earl Miles is not update.module maintainer anymore * #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report * #396224 by pwolanin: Further harden template file name discovery * #220592 by dww and pwolanin: Always use the database for caching in update module, so that drupal.org project data persists. Improves both local and drupal.org site performance. Drupal 5.17 Release Note * SA-CORE-2009-005 Drupal core - Cross site scripting * #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg. * #335741 by electricmonk. Do not recurse over non-objects. * #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node. * 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia. * #112887 by ged3000. Adding Newfoundland DST * #401494 by andypost. Correctly clear menu cache. * #396224 by pwolanin: Further harden template file name discovery * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation. * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.