Drupal 6.3 and Drupal 5.8, maintenance releases fixing problems reported using the bug tracking system, as well as security vulnerabilities, are now available for download. Drupal 6.3 also includes some changes to the installer to prevent file ownership issues on shared hosts; upgrades jQuery to version 1.2.6; improves PostreSQL compatibility; fixes performance issues in search, menu and form API and contains a variety of other small improvements. It should also be noted that the Views for Drupal 6 release candidate requires Drupal 6.3 [1] to run properly.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
In addition to this security vulnerability, the following bugs have been fixed since the 6.2 release:
- - Patch #245904 [5] by boombatower: fixed E_NOTICE warning in the XML-RPC library.
- - Patch #245826 [6] by Jax: trust_root is not set for OpenID 1.0 due to an undefined variable.
- - Patch #244942 [7] by pwolanin: fixed outdated function name in schema description.
- - Patch #236242 [8] by jpoesen and Garrett Albright: fixed two typos in the node module's install file.
- - Patch #232433 [9] by mfb: make sure RSS feeds validate.
- - Patch #249941 [10] by John Morahan: fixed incorrect parameters of watchdog() calls.
- - Patch #230932 [11] by ryanlath: file_scan_directory() didn't scan the directory called '0'.
- #153998 [12] follow up by salvis: we should return NULL if access cannot be granted based on permissions so the node level permission system can take it forward
- #241570 [13] by merlinofchaos: original hook name was not carried over when using patterns, so preprocess function collection was broken in that case
- #216504 [14] by mcarbone and webchick: comment table was not properly aliased in comment_render()'s count query, so db_rewrite_sql() was not working well on the query
- #127295 [15] by yhager: module version numbers should always be displayed LTR
- #88892 [16] by darthsteven and flobruit: form_set_value() documentation was misleading, updating that
- #226869 [17] by boydj and hswong3i: minor code style cleanup with aggregator module queries
- #234065 [18] by David_Rothstein: (very minor) one dot missing from secondary links explanation on upgrade path from Drupal 5
- - Patch #225859 [19] by webchick: fixed warning in author information block.
- - Patch #231132 [20] by snufkin: fixed invalid XML-RPC error messages due to HTML tags being inserted in the message string.
- - Patch #253022 [21] by beginner: fixed typo in code comments.
- - Modified patch #230374 [22] by killes, jakeg, Eaton et al: corrected problem with form API caches not being flushed. This could lead to performance issues.
- - Patch #239958 [23] by Steve Dondley: clearing cache does not immediately reload theme's .info file.
- - Patch #256736 [24] by flobruit: fixed bad HTML in help text. flobruit is on a patching spree!
- - Patch #258128 [25] by webchick: @parameter should be @param. Gets the Most Trivial Patch of the Month Award.
- #258120 [26] report by dag, patch my myself: l() attributes were not updated properly to Drupal 6 in theme_username()
- #200824 [27] by sammys, justinrandell, Arancaytar, test by vladimir.dolgopolov: drupal_write_record() returns array in some error cases when it should just return objects
- #241570 [28] follow up by merlinofchaos: the previous patch was inverting the problem with theme preprocess functions
- - Patch #258405 [29] by greggles: clean up MAINTAINERS.txt.
- - Patch #259463 [30] by dmitrig01: notification e-mail for pending user registrations had blank subject line.
- #217957 [31] by yched, quicksketch: header cell removal is broken when headers use colspans (and a little bit of performance improvement)
- #238760 [32] by Optalgin, boydjd, Damien Tournoud, pwolanin: reduce window for error in menu table rebuilding, only emptying the table once we have data to save to there
- #249571 [33] by pwolanin: primary and secondary links did not get the active-trail class
- #189568 [34] follow up by dvessel and Desbeers: we need to unset the CSS file overriden so that it is not added on CSS aggregation
- #252580 [35] by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0
- #258192 [36] by dww: strong and em tags could just as well have attributes as any other tag
- - Patch #169899 [37] by Island Usurper: taxonomy caching not always working.
- #259483 [38] by merlinofchaos, pwolanin: Undefined index: attributes in menu.inc line 517
- - Patch #268204 [39] by aclight: fixed E_NOTICE.
- - Patch #251402 [40] by quicksketch: text can't be selected via click and drag when the Drupal drag and drop interface is present in IE7.
- - Patch #269443 [41] by dvessel: normalize node types.
- - Patch #254553 [42] by aclight: fixed E_NOTICE.
- #257279 [43] by robertDouglass and David Lesieur, tested by douggreen: removing an extra join which was not required in the do_search query; improves search speed.
- #252921 [44] by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility
- - Patch #271326 [45] by keith.smith: fixed oxymoron in the installation guide.
- - Patch #273761 [46] by catch: removed inconsistent delete behavior of nodes. It would leave comments, ratings, etc behind in the database.
- #258475 [47] by alpritt: improve code documentation of the l() function
- #266367 [48] by zeta z: improve code documentation on how modules should provide default theme hook implementation
- #180646 [49] by Heine, John Morahan: taxonomy_get_term_by_name() should use = instead of LIKE in query, to allow for % to be a free tag
- #266596 [50] by pwolanin: menu performance improvement to not localize menu items which are not accessible
- #277677 [51] by yched: fix drupal_write_record() to support updating columns to NULL; required to make CCK work without workarounds
- #170309 [52] by Jaza, keith.smith, naquah, pwolanin, Nick Urban, Pasqualle: menu_set_active_trail() does not allways include all items; fixing breadcrumbs to include parants properly
- #230029 [53] by killes: rework node saving code to remove possible race condition with node and node revision saves; solves duplicate key errors on busy sites
- #272636 [54] by evolvingweb, dvessel: add 'js' class to html tag in drupal.js instead of overwriting all its classes with 'js'
- #256285 [55] by hass, mfer, tested by mfer: upgrade to jQuery 1.2.6, fixing some JavaScript interaction bugs; also improves JavaScript performance
- Fixing CVS Id tag on jquery.js
- - Patch #273523 [56] by aclight: fixed E_NOTICE in theme_fieldset().
- Rolling back #227677 [57]: caused issues with node_save() after its race condition was resolved in #230029 [58]
- - Patch #276846 [59] by pwolanin: fixed malformed cid.
- - Patch #278617 [60] by asimmonds: fixed broken link.
- #174940 [61] by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico
- #276860 [62] by pwolanin: remove unused code in book module (made obsolote by AHAH improvements)
- #197124 [63]: even though documented and intended, themes could not remove module stylesheets by specifying their name with a non-existent file
- #128846 [64] by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
- #277604 [65] by gpk: code documentation formatting fixes for url() and some other functions in common.inc
- #272900 [66] by pwolanin: avoid saving book (menu) data when another user changed the book in the meantime
- #273129 [67] by luddet, pwolanin: the fix to add the active-trail class to menu items resulted in overwriting of existing attributes
- #225880 [68] by pwolanin, keith.smith: get the user create settings.php instead of Drupal, so upgrading getseasier
Happy Publishing!