Drupal 6.3 and Drupal 5.8, maintenance releases fixing problems reported using the bug tracking system, as well as security vulnerabilities, are now available for download. Drupal 6.3 also includes some changes to the installer to prevent file ownership issues on shared hosts; upgrades jQuery to version 1.2.6; improves PostreSQL compatibility; fixes performance issues in search, menu and form API and contains a variety of other small improvements. It should also be noted that the Views for Drupal 6 release candidate requires Drupal 6.3 to run properly.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-044 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.2 release:

• - Patch #245904 by boombatower: fixed E_NOTICE warning in the XML-RPC library.
• - Patch #245826 by Jax: trust_root is not set for OpenID 1.0 due to an undefined variable.
• - Patch #244942 by pwolanin: fixed outdated function name in schema description.
• - Patch #236242 by jpoesen and Garrett Albright: fixed two typos in the node module's install file.
• - Patch #232433 by mfb: make sure RSS feeds validate.
• - Patch #249941 by John Morahan: fixed incorrect parameters of watchdog() calls.
• - Patch #230932 by ryanlath: file_scan_directory() didn't scan the directory called '0'.
• #153998 follow up by salvis: we should return NULL if access cannot be granted based on permissions so the node level permission system can take it forward
• #241570 by merlinofchaos: original hook name was not carried over when using patterns, so preprocess function collection was broken in that case
• #216504 by mcarbone and webchick: comment table was not properly aliased in comment_render()'s count query, so db_rewrite_sql() was not working well on the query
• #127295 by yhager: module version numbers should always be displayed LTR
• #88892 by darthsteven and flobruit: form_set_value() documentation was misleading, updating that
• #226869 by boydj and hswong3i: minor code style cleanup with aggregator module queries
• #234065 by David_Rothstein: (very minor) one dot missing from secondary links explanation on upgrade path from Drupal 5
• - Patch #225859 by webchick: fixed warning in author information block.
• - Patch #231132 by snufkin: fixed invalid XML-RPC error messages due to HTML tags being inserted in the message string.
• - Patch #253022 by beginner: fixed typo in code comments.
• - Modified patch #230374 by killes, jakeg, Eaton et al: corrected problem with form API caches not being flushed. This could lead to performance issues.
• - Patch #239958 by Steve Dondley: clearing cache does not immediately reload theme's .info file.
• - Patch #256736 by flobruit: fixed bad HTML in help text. flobruit is on a patching spree!
• - Patch #258128 by webchick: @parameter should be @param. Gets the Most Trivial Patch of the Month Award.
• #258120 report by dag, patch my myself: l() attributes were not updated properly to Drupal 6 in theme_username()
• #200824 by sammys, justinrandell, Arancaytar, test by vladimir.dolgopolov: drupal_write_record() returns array in some error cases when it should just return objects
• #241570 follow up by merlinofchaos: the previous patch was inverting the problem with theme preprocess functions
• - Patch #258405 by greggles: clean up MAINTAINERS.txt.
• - Patch #259463 by dmitrig01: notification e-mail for pending user registrations had blank subject line.
• #217957 by yched, quicksketch: header cell removal is broken when headers use colspans (and a little bit of performance improvement)
• #238760 by Optalgin, boydjd, Damien Tournoud, pwolanin: reduce window for error in menu table rebuilding, only emptying the table once we have data to save to there
• #249571 by pwolanin: primary and secondary links did not get the active-trail class
• #189568 follow up by dvessel and Desbeers: we need to unset the CSS file overriden so that it is not added on CSS aggregation
• #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0
• #258192 by dww: strong and em tags could just as well have attributes as any other tag
• - Patch #169899 by Island Usurper: taxonomy caching not always working.
• #259483 by merlinofchaos, pwolanin: Undefined index: attributes in menu.inc line 517
• - Patch #268204 by aclight: fixed E_NOTICE.
• - Patch #251402 by quicksketch: text can't be selected via click and drag when the Drupal drag and drop interface is present in IE7.
• - Patch #269443 by dvessel: normalize node types.
• - Patch #254553 by aclight: fixed E_NOTICE.
• #257279 by robertDouglass and David Lesieur, tested by douggreen: removing an extra join which was not required in the do_search query; improves search speed.
• #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility
• - Patch #271326 by keith.smith: fixed oxymoron in the installation guide.
• - Patch #273761 by catch: removed inconsistent delete behavior of nodes. It would leave comments, ratings, etc behind in the database.
• #258475 by alpritt: improve code documentation of the l() function
• #266367 by zeta z: improve code documentation on how modules should provide default theme hook implementation
• #180646 by Heine, John Morahan: taxonomy_get_term_by_name() should use = instead of LIKE in query, to allow for % to be a free tag
• #266596 by pwolanin: menu performance improvement to not localize menu items which are not accessible
• #277677 by yched: fix drupal_write_record() to support updating columns to NULL; required to make CCK work without workarounds
• #170309 by Jaza, keith.smith, naquah, pwolanin, Nick Urban, Pasqualle: menu_set_active_trail() does not allways include all items; fixing breadcrumbs to include parants properly
• #230029 by killes: rework node saving code to remove possible race condition with node and node revision saves; solves duplicate key errors on busy sites
• #272636 by evolvingweb, dvessel: add 'js' class to html tag in drupal.js instead of overwriting all its classes with 'js'
• #256285 by hass, mfer, tested by mfer: upgrade to jQuery 1.2.6, fixing some JavaScript interaction bugs; also improves JavaScript performance
• Fixing CVS Id tag on jquery.js
• - Patch #273523 by aclight: fixed E_NOTICE in theme_fieldset().
• Rolling back #227677: caused issues with node_save() after its race condition was resolved in #230029
• - Patch #276846 by pwolanin: fixed malformed cid.
• - Patch #278617 by asimmonds: fixed broken link.
• #174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico
• #276860 by pwolanin: remove unused code in book module (made obsolote by AHAH improvements)
• #197124: even though documented and intended, themes could not remove module stylesheets by specifying their name with a non-existent file
• #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
• #277604 by gpk: code documentation formatting fixes for url() and some other functions in common.inc
• #272900 by pwolanin: avoid saving book (menu) data when another user changed the book in the meantime
• #273129 by luddet, pwolanin: the fix to add the active-trail class to menu items resulted in overwriting of existing attributes
• #225880 by pwolanin, keith.smith: get the user create settings.php instead of Drupal, so upgrading getseasier


Happy Publishing!




Join Hiveminds and link to your website or blog.