Drupal 6.17 released, fixing security issues
Drupal 6.17, a maintenance release fixing issues reported through the bug tracking system, is now available for download. There are no security fixes in this release. Upgrading your existing Drupal 6 sites is recommended. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement.
Highlights of changes in this release include improvements of session cookie handling, better processing of big XML-RPC payloads, improved PostgreSQL compatibility, better PHP 5.3 and PHP 4 compatibility, improved Japanese support in search module, better browser compatibility of CSS and JS aggregation and improved logging for login failures. An incompatibility of Drupal 6.16's new lock subsystem with some contributed modules was also resolved. In total there were about 55 patches committed to improve Drupal 6.
The full list of changes between the 6.16 and 6.17 releases can be found by reading the 6.17 release notes. A complete list of all bug fixes in the stable DRUPAL-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-6.
Given enough bug fixes (not just bug reports) more maintenance releases will be made available.
Drupal 6.17 Release Note
* #732096 by Dave Reid, sun: fix PHP 4 incompatibility problem in update module
* #606796 by jhodgdon: fix code documentation of filter_form() and filter_form_validate()
* #722190 by bjaspan: avoid infite recursion in filter_list_format() even if the database has broken data under Drupal
* #642524 by jennifer.chang: fix notice in language.inc's URL rewrite
* #722190 rollback: do not assume an empty filter set if there is no default input format
* - Patch #791358 by Dave Reid: provide 'mail ids' in hook_mollom_form_info().
* - Patch #793196 by justinrandell: rollback accidental commit with php5 code for D6.
* #732064 follow up by pwolanin: move lock system loading earlier to avoid stepping over it or attempting to use it before it is loaded
* #791610 by jhodgdon: minor typo in lock.inc
* #719500 by rvec, jhodgdon, senden: minor duplicated documentation in lock.inc
* #321981 by joachim, jackaponte: UPGRADE.txt instructions needed updates with directory names
* #695468 by Caligan: document theme functions generating submission information for comments and nodes
* #499774 by jbrauer: feed URL handling was missing from core (alias for http)
* #664806 by jhodgdon, sender: standardize phptemplate.engine documentation blocks
* #758686 by jhodgdon, sender: clean up documentation for file_move() and file_copy()
* #320171 by Deve Reid, jbrauer: fix return value passing by reference in bootstrap.inc's IP address checking
* #462628 by Heine, pwolanin, dww: better documentation for taxonomy_form() to avoid possible security issues from contributed code
* #770598 by greggles, grendzy: move user login failure attempt logging to user_authenticate() to have unified logging with all kinds of authentication schemes, including blogapi
* #362256 by pwolanin: backport poll module vote number form access handling from D7, avoid clearing vote numbers when editing a poll
* #266488 by MadHarold, nbz, Damien Tournoud, sbandyopadhyay: fix some errors in username validation, clean up code style and add missing support for apostrophes
* #229051 by jaydub, ainigma32, Josh Waihi, Dave Reid, druido, bellHead: solve top visitors pagination issues in statistics module with postgresql
* #587568 by Berdir, yhager: improve PHP 5.3 compatibility by using hook_nodeapi() the right way in node_search()
* #523058 by catch, sun, c960657, smk-ka, pwolanin, andypost: optimize calls to check_plain() by trying to use new PHP 5 features and inlining UTF-8 checking
* #306611 by joshk, jbomb, sun, dereine, andypost: avoid calling nonexistent action callbacks (eg. when a module is disabled); also backport some documentation improvements
* #323438 by emok, chx, mfb: uploaded files become arrays in previews, so object property checking will not work on them (from PHP 5.2.12+)
* #796048 by jbafford: if JS files are concatenated with a one line comment and a multiline comment, that can lead up to JS parse issues
* #762434 by pwolanin: make form_build_id generation consistent
* #669714 by dww: remove superfluous menu_rebuild() from update_uninstall()
* #222926 by deviantintegral, sun, jcnventura, tic2000, jenlampton, smk-ka: htmlcorrector filter escapes HTML comments
* #495956 by cafuego, sun, andypost, Josh Waihi, axyo: do not assume that the database will insert role numbers or filter format indexes in a specific way
* #43462 by leafish_dylan, c960657, andypost: simplify and fix compatibility of compression code in page caching
* #265719 by kkaefer, JacobSingh, ksenzee, pivica: fix path mangling in CSS aggregation code to be sure to generate IE compatible CSS
* #696698 by confiz, jhodgdon, qasimzee, Garrett Albright: document WATCHDOG_* constants properly
* #566390 by Gábor Hojtsy, seutje, Jose Reyero: Apply locale import protection user setting to plural forms the same way we apply to other parts of the .po file
* #638702 by jhodgdon: fix issues where the return value of db_affected_rows() was not properly considered
* #712598 by joachim, add1sun, jhodgdon: documentation for user_pass_reset_url()
* #133188 by Behrang, John Morahan, frega: Line break converter can result in empty node display due to PCRE limits
* #256001 by bjaspan, stormsweeper, Darren Oh: pgsql driver does not handle unsigned numeric fields properly
* #360023 by greggles, rszrama, stella, sun, andypost: add missing comment publish action and clean up some code documentation
* #340557 by Dave Cohen, Dave Reid, dropcube, smk-ka: speed up drupal_is_front_page() by caching its value instead of computing each time
* #493770 by Garrett Albright, tobiasb: Search incorrectly splits some katakana words
* #293614 by mustafu: avoid reporting two error messages when feed parse errors occur in aggregator
* #323528 by halcyonCorsair, jhedstrom, Damien Tournoud, andypost: UPDATE queries should not use table name aliases for pgsql compatibility
* #374463 by salvis: also pass on the comment when altering comment links additionaly to the node
* #696696 follow up by asimmonds: restore WATCHDOG_EMERG constant name
* #283095 by rszrama, mr.baileys, jhodgdon: fix/update documentation for confirm_form()
* #332703 by Damien Tournoud, hajo: user password request should check name access rules against names, email access rules against emails
* #508738 by terrychild, Eric_A: prevent the padding in drupalhtml_to_text() from falling below zero
* #478946 by Scott Reynolds, agentrickard: node_access batch rebuild will fail when a node isn't loadable
* #49941 by geodaniel, Davy Van Den Bremt, bdragon: let users set no expiry on statistics module data if they want to
* #265973 by clemens.tolboom, Damien Tournoud, Uccio, dixon_, mr.baileys: make Drupal capable of handling bigger XML-RPC messages by removing some unnecessary processing
* #259679 by pwolanin: add more specific checking to user_category_load() of the path, so the edit tab will show properly when seeing other tabs
* #677750 by jurgenhaas: fix possibility for notice in xmlrpcs.inc
* #682784 by andrewfn, naxoc, Island Usurper: make it possible to remove query strings and fragments from menu items after added
* #458704 by markus_petrux, tic2000, Damien Tournoud: only remove the www. prefix from autodetected cookie domains, not custom set cookie domains
* #345591 by JacobSingh, pwolanin, c960657: add additional return data of protocol and status_messaga at all times, not just on error in drupal_http_request()
- 5 years 7 months ago
- 5 years 9 months ago
- 7 years 4 months ago
- 7 years 4 months ago
- 7 years 11 months ago
- 8 years 1 month ago
- 8 years 1 month ago
- 8 years 6 months ago
- 8 years 7 months ago
- 8 years 9 months ago