Drupal 7.5, a maintenance release which fixes security vulnerabilities is now available for download. Drupal 7.7 also fixes other issues reported through the bug tracking system. Note: Drupal 7.7 is just Drupal 7.6 with a fixed VERSION string (7.6 was reporting itself as 7.5). No other changes. Upgrading your existing Drupal 7 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. Changelog Drupal 7.5 only includes fixes for security issues. Drupal 7.6 also includes bugfixes. The full list of changes between the 7.4 and 7.7 releases can be found by reading the 7.6 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log. Security vulnerabilities Drupal 7.5 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory: SA-CORE-2011-003 To fix the security problem, please upgrade Drupal. Update notes (#634616) AJAX now responds to 'click' instead of 'mousedown'. Testing was performed to make sure this doesn't affect major contributed modules, but could cause issues. (#1164852) The 'translatable' flag on fields added via the UI now defaults to FALSE, same as fields added via the API do. Contrib modules such as Entity Translation can allow toggling this back for sites that need it. An upgrade path will be included in a future release to bring all legacy fields into compliance. (#1083982) Remote streamwrappers are now supported, because of fixes to where drupal_realpath() is called. Drupal 7.7 Release Note The sixth maintenance release of the Drupal 7 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release. This release includes the security fixes from Drupal 7.5 which was released alongside Drupal 7.6. No additional security fixes are included. Major changes committed since Drupal 7.4 are as follows: Changes since Drupal 7.4 #1000736 by fangel, stBorchert, adorsk: Fixed Term reference autocomplete widget having problems handling terms with commas. #1218954 by Mark Theunissen: Fixed Path aliases broken after upgrade. #634616 follow-up by sun: Documentation and bug fix for 'prevent' AJAX property. #1164852 follow-up by plach: Fix node module update which was hard-coding translatable to TRUE. #1206200 follow-up by chx: Commit missing hunk from 7.x version. #1164852 by plach: Default the 'translatable' bit on fields to FALSE for fields created in the UI, to match those created by the API. #1206200 by plach, chx: Add support for field meta conditions in EntityFieldQuery to allow for field language updates. #822054 by agentrickard: Remove site_mission() cruft in system.test. #898634 by catch, alex_b, chx: Fixed install_drupal(): call to menu-touching functions results in SQL syntax error. #1179426 by chx, xjm: Added tests for SA-CORE-2011-001. #348448 follow-up by jbrown: Coding standard fixes to E_STRICT tests. #952970 by clemens.tolboom, yched: Fixed Undefined index: required in field_default_form(). #931512 by ahwebd, catch, tobiasb: Fixed Node body 'description' and 'required' are missed on nodes upgraded from D6 to D7. #1019470 by benjamin.wss, bfroehle: Ensure that file_directory_temp() works on Windows. #771448 by Damien Tournoud, attiks: Changed Use proc_open() instead of pcntl_fork() in simpletest. #929166 by dww, deviantintegral, yoroy: Add warning if private files are accessible over the web. #348448 follow-up by jrchamp, catch: Fix E_STRICT errors. #1010480 by catch: Optimize _menu_navigation_links_rebuild(). #1187906 by David_Rothstein, tstoeckler: Fixed Shortcut module cannot be installed via an install profile if the menu module wasn't installed first. #1196310 by barbi, JamesK: Fixed node_feed() doc does not conform to standards. #1180100 by barbi: Fixed drupal_attributes() doc should mention the space at beginning of return value. #949616 by catch, a.mikheychik, adamdicarlo, dixon_, anavarre: Fixed Multiple parent relations confirmation form loses term description. #1040262 by tsi: Fixed locale-rtl.css. #1040262 by tsi: Fixed locale-rtl.css. #237634 by salvis: Document that node_access_write_grants() should not be called directly. #1047070 by douggreen, marcingy, yched: Fixed list_field_update_forbid() logic is backwards. #1209470 by Damien Tournoud: Fixed REQUEST_TIME is a float with microseconds on PHP 5.4. #1181576 by James_Stallings: Fixed node_get_recent() doc needs to clarify what 'recent' means. #1007910 by lyricnz, idflood: Fixed D6->D7 update doesn't convert 'primary-links' menu to 'main-menu'. #1190110 by oriol_e9g: Fixed hook_theme() has error in the 'function' section of return value. #983632 by peterpoe, marcingy, catch: Fixed 'New' comment marker does not work. #1136130 follow-up by pillarsdotnet: Document why WATCHDOG_* constants are necessary. #1007830 follow-up by bfroehle: Better fix for nested transactions throw exceptions on ddl changes in MySQL. #360377 by deviantintegral, janusman: Fixed book_get_books() cache becomes stale when batch-inserting book pages. #1162022 by sun: Ensure #validate and #submit keys always exist in drupal_prepare_form(). And the .install file for the test. You'd think I wouldn't forget that TWICE, but you would be wrong. #1169564 by FreekyMage, jhodgdon: Fixed hook_file_download() - sample function body not updated for d7/8. #879076 by alex_b, pillarsdotnet, ceardach: Fixed Do not set expired=0 where expired is already 0 (performance). #1179582 by dalin: Changed l() documentation should mention that sanitization is not performed when HTML => TRUE. #978028 by Dave Reid: Fixed File token fixes: [file:description] does not exist and [file:owner] not using format_username(). #1103590 by dcrocks: Fixed blocks being added to 'hidden' region when theme first enabled. #1203852 by pwolanin: Changed Increase hashing iterations for more secure password hashes. #1205882 by Psikik, rbayliss: Fixed hook_delete() function body has typo. #1204844 by good_man: Fixed User module lacks a little RTL. #1203766 by sun, lyricnz: Fixed With large number of permissions /admin/people/permissions becomes unusable. #1071846 by gbrands: Fixed conf_path() doc needs cleanup. #1192178 by pillarsdotnet: Changed The user_module_invoke() function lacks documentation of parameters. #813052 by lyricnz, droplet, dinknaround: Fixed Undefined index: format in comment_preview() line 2065 and line 2183. #1198396 by pillarsdotnet, jhodgdon: Fixed Add required docs to user_pass_rehash() function. #188947 by lyricnz: Fixed date_validate()(form) should be date_validate()(element). #1101678 by cwells73, jhodgdon: Fixed documentation for hook_search_status() #1049462 by rfay: Fixed Usage of deprecated form_state['clicked_button'] causes bugs during AJAX submissions by non-buttons. #1130198 by pillarsdotnet, Damien Tournoud: Fixed Regression: line-breaks are mangled by drupal_html_to_text(). #634616 by effulgentsia, rfay, sun: Fixed Various problems due to AJAX binding to mousedown instead of click. #1083982 by Damien Tournoud: Fixed support for remote streamwrappers. #1204648 by webchick: Fixed Tests added for SA-2011-CORE-002 broke testbot.