Drupal 6.16 and 5.22 released, fixing security issues More information can be found -> HERE Drupal 6.16 and 5.22, maintenance releases which fix issues reported through the bug tracking system, as well as security vulnerabilities, are now available for download. Drupal 6.16 also fixes other smaller issues. Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. Important update notes These releases did not change the (default.)settings.php and robots.txt files, so you can keep your existing files intact, if you have modifications in them. The .htaccess file was changed in Drupal 6.16, adding make files to the list of files not served by Apache. See http://drupal.org/node/638030 for more information. Drupal 6.16 Release Note This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2010-001 - Drupal Core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 6.15 release: * #673974 by sun: PHP notice when mass-unpublishing or deleting comments, and wrong form validation redirect * #424372 by mr.baileys, bombatower, Arancaytar: :: in .info files caused fatal error, use list of constants for lookup instead * #370958 by Rob Loach, drewish, c960657, neilnz: some Adobe Flash MIME types were missing from our MIME listing * #284392 follow up by benoitg, brianV, mathieu, evoltech, tyr, Steven Jones, agentrickard, bl444137: better fix for issues around SQL rewrites adding DISTINCT * #251792 by pwolanin, Damien Tournoud, slantview, c960657: added a locking framework for long running operations; solves rebuilding issues with menus and the locale cache * #374463 by neochief, Roger López: comment link altering was missing from comment listing views * #338630 by plach, arhak: locale module was unable to recover from a lost Javascript translation file * #656078 by kiamlaluno, jhodgdon: minor typo fix in theme_table() documentation * #669374 by jhodgdon: code comments using @verbatim should use @code instead * #287063 by mkalkbrenner, mikeryan: avoid node_delete() 'leaking' memory via node_load() caching (eg. when multiple nodes are being deleted) * #396388 by jmpoure, Alex_Tutubalin, Shiny, andypost,: rework comment ordering subquery to be SQL standards (and therefore PostgreSQL) compatible * #393632 by ao2, andypost: add both first and last class to single menu items * #696052 by Dave Reid: locale module variables are not properly uninstalled when the module is removed, causing fatal errors (backport of #347288) * - Patch #638030 by dww: hide *.make files via .htaccess. * #358315 by neochief, Damien Tournoud, andypost: drupal_lookup_path() does not respect path alias ordering when older aliases are retained * #302240 follow up by sun, fago: re-enable form rebuilds, when a button of #type button is used * #409676 by mrfelton: remove watchdog message when JS files are parsed by locale; had minimal debugging value * #330297 by Stefan Freudenberg, anarcat, jonhattan, mig5: themes in profiles directory were not discovered during install * #669554 by dww: reduce memory use of update module by only saving attributes update module needs from .info files * #675308 by jhodgdon, trevjs: improved API documentation for theme_comment_view() * #594518 by jhodgdon: better documentation for file_munge_filename() * #591804 by rfay, merlinofchaos, sp3boy: theme preprocess functions in include files only run on theme registry rebuild for tpl.php files in themes * #720516 by Dave Reid: taxonomy_get_term() and taxonomy_vocabulary_load() cannot restore their internal caches, therefore cannot be used in testing * #510996 by salvatored, tuffnatty, jide: the @disabled jQuery selector was deprecated in v1.2, so do not use it anymore * #263445 by merlinofchaos, Dave Reid: replace improper use of drupal_to_js() with drupal_json() * #696684 by confiz: add minimal documentation to dblog_watchdog() * #696586 by qasimzee: backport documentation for NODE_NEW_LIMIT from Drupal 7 * #668714 by Dave Reid, bombatower: drupal_add_link() should not add a newline on its own * #517642 by solipsist, lyrincz: db_field_set_default() omitted type check on default value, cauing problems for non-NULL fields * #212236 by wrwrwr: move empty paragraph handling to after other paragraph operations are done in _filter_autop() * #575804 by Heine, c960657: if an OpenID URL contains a fragment identifier, it must be stripped off * #604290 by JeremyFrench: speed up initial loading of user admin page considerably, when no filters are used * #422218 by salvis, sun: forum_load() should load the forum term id for a forum node, not just any term id it is related to * #704158 by mikeytown2, marvil07 and myself: fix notice in user_preferred_language() when the user has no preferred language yet * #729308 by toddgee: fix colliding system.install update numbers * #261258 by Damien Tournoud, David_Rothstein, pwolanin: node_save() could result in broken data with certain database configurations when log messages are not included Drupal 5.22 Release Note This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-010 - Drupal Core - Cross site scripting Drupal 5 will no longer be maintained when Drupal 7 is released. Upgrading to Drupal 6 is recommended.