|
@@ -1,4 +1,101 @@
|
|
|
|
|
|
|
|
+Drupal 7.43, 2016-02-24
|
|
|
|
+-----------------------
|
|
|
|
+- Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-001.
|
|
|
|
+
|
|
|
|
+Drupal 7.42, 2016-02-03
|
|
|
|
+-----------------------
|
|
|
|
+- Stopped invoking hook_flush_caches() on every cron run, since some modules
|
|
|
|
+ use that hook for expensive operations that are only needed on cache clears.
|
|
|
|
+- Changed the default .htaccess and web.config to block Composer-related files.
|
|
|
|
+- Added static caching to module_load_include() to improve performance.
|
|
|
|
+- Fixed double-encoding bugs in select field widgets provided by the Options
|
|
|
|
+ module. The fix deprecates the 'strip_tags' property on option widgets and
|
|
|
|
+ replaces it with a new 'strip_tags_and_unescape' property (minor data
|
|
|
|
+ structure change).
|
|
|
|
+- Improved MySQL 5.7 support by changing the MySQL database driver to stop
|
|
|
|
+ using the ANSI SQL mode alias, which has different meanings for different
|
|
|
|
+ MySQL versions.
|
|
|
|
+- Fixed a regression introduced in Drupal 7.39 which prevented autocomplete
|
|
|
|
+ functionality from working on servers that are not configured to
|
|
|
|
+ automatically recognize index.php.
|
|
|
|
+- Updated the Archive_Tar PEAR package to the latest 1.4.0 release, to fix bugs
|
|
|
|
+ with tar file handling on various operating systems.
|
|
|
|
+- Fixed fatal errors on node preview when a field is displayed in the node
|
|
|
|
+ teaser but hidden in the full node view. The fix removes a
|
|
|
|
+ field_attach_prepare_view() call from the node_preview() function since it is
|
|
|
|
+ redundant with one in the node preview theme layer.
|
|
|
|
+- Improved the description of the "Trimmed" format option on text fields
|
|
|
|
+ (translatable string change, and minor UI and data structure change).
|
|
|
|
+- Numerous small bug fixes.
|
|
|
|
+- Numerous API documentation improvements.
|
|
|
|
+- Additional automated test coverage.
|
|
|
|
+
|
|
|
|
+Drupal 7.41, 2015-10-21
|
|
|
|
+-----------------------
|
|
|
|
+- Fixed security issues (open redirect). See SA-CORE-2015-004.
|
|
|
|
+
|
|
|
|
+Drupal 7.40, 2015-10-14
|
|
|
|
+-----------------------
|
|
|
|
+- Made Drupal's code for parsing .info files run much faster and use much less
|
|
|
|
+ memory.
|
|
|
|
+- Prevented drupal_http_request() from returning an error when it receives a
|
|
|
|
+ 201 through 206 HTTP status code.
|
|
|
|
+- Added support for autoloading traits via the registry on sites running PHP
|
|
|
|
+ 5.4 or higher.
|
|
|
|
+- Allowed the user-picture.tpl.php theme template to have HTML classes besides
|
|
|
|
+ the default "user-picture" class printed in it (markup change).
|
|
|
|
+- Fixed the URL text filter to convert e-mail addresses with plus signs into
|
|
|
|
+ mailto: links.
|
|
|
|
+- Added alternate text to file icons displayed by the File module, to improve
|
|
|
|
+ accessibility (string change, and minor API addition to theme_file_icon()).
|
|
|
|
+- Changed one-time login link failure messages to be displayed as errors or
|
|
|
|
+ warnings as appropriate, rather than as regular status messages (minor UI
|
|
|
|
+ change and data structure change).
|
|
|
|
+- Changed the default settings.php configuration to exclude private files from
|
|
|
|
+ the "404_fast_paths" behavior.
|
|
|
|
+- Changed the page that displays filter tips for a particular text format, for
|
|
|
|
+ example filter/tips/full_html, to return "page not found" or "access denied"
|
|
|
|
+ if the format does not exist or the user does not have access to it. This
|
|
|
|
+ change adds a new menu item to the Filter module's hook_menu() entry (minor
|
|
|
|
+ data structure change).
|
|
|
|
+- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
|
|
|
|
+ cache keys used for caching a particular block.
|
|
|
|
+- Made drupal_set_message() display and return messages when "0" is passed in
|
|
|
|
+ as the message to set.
|
|
|
|
+- Fixed non-functional "Files displayed by default" setting on file fields.
|
|
|
|
+- The "worker callback" provided in hook_cron_queue_info() and the "finished"
|
|
|
|
+ callback specified during batch processing can now be any PHP callable
|
|
|
|
+ instead of just functions.
|
|
|
|
+- Prevented drupal_set_time_limit() from decreasing the time limit in the case
|
|
|
|
+ where the PHP maximum execution time is already unlimited.
|
|
|
|
+- Changed the default thousand marker for numeric fields from a space ("1 000")
|
|
|
|
+ to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
|
|
|
|
+- Prevented malformed theme .info files (without a "name" key) from causing
|
|
|
|
+ exceptions during menu rebuilds. If an .info file without a "name" key is
|
|
|
|
+ found in a module or theme directory, Drupal will now use the module or
|
|
|
|
+ theme's machine name as the display name instead.
|
|
|
|
+- Made the format column in the {date_format_locale} database table
|
|
|
|
+ case-sensitive, to match the equivalent column in the {date_formats} table.
|
|
|
|
+- Fixed a bug in the Statistics module that caused JavaScript files attached to
|
|
|
|
+ a node while it is being viewed to be omitted from the page.
|
|
|
|
+- Added an optional 'project:' prefix that can be added to dependencies in a
|
|
|
|
+ module's .info file to indicate which project the dependency resides in (API
|
|
|
|
+ addition: https://www.drupal.org/node/2299747).
|
|
|
|
+- Fixed various bugs that occurred after hooks were invoked early in the Drupal
|
|
|
|
+ bootstrap and that caused module_implements() and drupal_alter() to cache an
|
|
|
|
+ incomplete set of hook implementations for later use.
|
|
|
|
+- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
|
|
|
|
+ certain web browsers from picking an unsafe MIME type.
|
|
|
|
+- Prevented the database API from executing multiple queries at once on MySQL,
|
|
|
|
+ if the site's PHP version is new enough to do so. This is a secondary defense
|
|
|
|
+ against SQL injection (API change: https://www.drupal.org/node/2463973).
|
|
|
|
+- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
|
|
|
|
+ to fail when there were multiple file records pointing to the same file.
|
|
|
|
+- Numerous small bug fixes.
|
|
|
|
+- Numerous API documentation improvements.
|
|
|
|
+- Additional automated test coverage.
|
|
|
|
+
|
|
Drupal 7.39, 2015-08-19
|
|
Drupal 7.39, 2015-08-19
|
|
-----------------------
|
|
-----------------------
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.
|
|
@@ -86,11 +183,11 @@ Drupal 7.36, 2015-04-01
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
Drupal 7.35, 2015-03-18
|
|
Drupal 7.35, 2015-03-18
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.
|
|
|
|
|
|
Drupal 7.34, 2014-11-19
|
|
Drupal 7.34, 2014-11-19
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006.
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006.
|
|
|
|
|
|
Drupal 7.33, 2014-11-07
|
|
Drupal 7.33, 2014-11-07
|
|
@@ -159,11 +256,11 @@ Drupal 7.33, 2014-11-07
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
Drupal 7.32, 2014-10-15
|
|
Drupal 7.32, 2014-10-15
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (SQL injection). See SA-CORE-2014-005.
|
|
- Fixed security issues (SQL injection). See SA-CORE-2014-005.
|
|
|
|
|
|
Drupal 7.31, 2014-08-06
|
|
Drupal 7.31, 2014-08-06
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (denial of service). See SA-CORE-2014-004.
|
|
- Fixed security issues (denial of service). See SA-CORE-2014-004.
|
|
|
|
|
|
Drupal 7.30, 2014-07-24
|
|
Drupal 7.30, 2014-07-24
|
|
@@ -178,7 +275,7 @@ Drupal 7.30, 2014-07-24
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
Drupal 7.29, 2014-07-16
|
|
Drupal 7.29, 2014-07-16
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.
|
|
|
|
|
|
Drupal 7.28, 2014-05-08
|
|
Drupal 7.28, 2014-05-08
|
|
@@ -224,11 +321,11 @@ Drupal 7.28, 2014-05-08
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
Drupal 7.27, 2014-04-16
|
|
Drupal 7.27, 2014-04-16
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (information disclosure). See SA-CORE-2014-002.
|
|
- Fixed security issues (information disclosure). See SA-CORE-2014-002.
|
|
|
|
|
|
Drupal 7.26, 2014-01-15
|
|
Drupal 7.26, 2014-01-15
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.
|
|
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.
|
|
|
|
|
|
Drupal 7.25, 2014-01-02
|
|
Drupal 7.25, 2014-01-02
|
|
@@ -294,7 +391,7 @@ Drupal 7.25, 2014-01-02
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
Drupal 7.24, 2013-11-20
|
|
Drupal 7.24, 2013-11-20
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
|
|
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
|
|
|
|
|
|
Drupal 7.23, 2013-08-07
|
|
Drupal 7.23, 2013-08-07
|
|
@@ -548,8 +645,8 @@ Drupal 7.15, 2012-08-01
|
|
- Numerous API documentation improvements.
|
|
- Numerous API documentation improvements.
|
|
- Additional automated test coverage.
|
|
- Additional automated test coverage.
|
|
|
|
|
|
-Drupal 7.14 2012-05-02
|
|
|
|
-----------------------
|
|
|
|
|
|
+Drupal 7.14, 2012-05-02
|
|
|
|
+-----------------------
|
|
- Fixed "integrity constraint" fatal errors when rebuilding registry.
|
|
- Fixed "integrity constraint" fatal errors when rebuilding registry.
|
|
- Fixed custom logo and favicon functionality referencing incorrect paths.
|
|
- Fixed custom logo and favicon functionality referencing incorrect paths.
|
|
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
|
|
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
|
|
@@ -597,12 +694,12 @@ Drupal 7.14 2012-05-02
|
|
- system_update_7061() converts filepaths too aggressively.
|
|
- system_update_7061() converts filepaths too aggressively.
|
|
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.
|
|
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.
|
|
|
|
|
|
-Drupal 7.13 2012-05-02
|
|
|
|
-----------------------
|
|
|
|
|
|
+Drupal 7.13, 2012-05-02
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002.
|
|
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002.
|
|
|
|
|
|
Drupal 7.12, 2012-02-01
|
|
Drupal 7.12, 2012-02-01
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed bug preventing custom menus from receiving an active trail.
|
|
- Fixed bug preventing custom menus from receiving an active trail.
|
|
- Fixed hook_field_delete() no longer invoked during field_purge_data().
|
|
- Fixed hook_field_delete() no longer invoked during field_purge_data().
|
|
- Fixed bug causing entity info cache to not be cleared with the rest of caches.
|
|
- Fixed bug causing entity info cache to not be cleared with the rest of caches.
|
|
@@ -636,11 +733,11 @@ Drupal 7.12, 2012-02-01
|
|
cache.
|
|
cache.
|
|
|
|
|
|
Drupal 7.11, 2012-02-01
|
|
Drupal 7.11, 2012-02-01
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001.
|
|
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001.
|
|
|
|
|
|
Drupal 7.10, 2011-12-05
|
|
Drupal 7.10, 2011-12-05
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
|
|
- Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
|
|
- Reduce memory usage of theme registry (performance).
|
|
- Reduce memory usage of theme registry (performance).
|
|
- Fixed PECL upload progress bar for FileField
|
|
- Fixed PECL upload progress bar for FileField
|
|
@@ -993,7 +1090,7 @@ Drupal 7.0, 2011-01-05
|
|
requests.
|
|
requests.
|
|
|
|
|
|
Drupal 6.23-dev, xxxx-xx-xx (development release)
|
|
Drupal 6.23-dev, xxxx-xx-xx (development release)
|
|
------------------------
|
|
|
|
|
|
+---------------------------
|
|
|
|
|
|
Drupal 6.22, 2011-05-25
|
|
Drupal 6.22, 2011-05-25
|
|
-----------------------
|
|
-----------------------
|
|
@@ -1003,25 +1100,25 @@ Drupal 6.22, 2011-05-25
|
|
- Fixed a variety of other bugs.
|
|
- Fixed a variety of other bugs.
|
|
|
|
|
|
Drupal 6.21, 2011-05-25
|
|
Drupal 6.21, 2011-05-25
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
|
|
|
|
|
|
Drupal 6.20, 2010-12-15
|
|
Drupal 6.20, 2010-12-15
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed a variety of small bugs, improved code documentation.
|
|
- Fixed a variety of small bugs, improved code documentation.
|
|
|
|
|
|
Drupal 6.19, 2010-08-11
|
|
Drupal 6.19, 2010-08-11
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed a variety of small bugs, improved code documentation.
|
|
- Fixed a variety of small bugs, improved code documentation.
|
|
|
|
|
|
Drupal 6.18, 2010-08-11
|
|
Drupal 6.18, 2010-08-11
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (OpenID authentication bypass, File download access
|
|
- Fixed security issues (OpenID authentication bypass, File download access
|
|
bypass, Comment unpublishing bypass, Actions cross site scripting),
|
|
bypass, Comment unpublishing bypass, Actions cross site scripting),
|
|
see SA-CORE-2010-002.
|
|
see SA-CORE-2010-002.
|
|
|
|
|
|
Drupal 6.17, 2010-06-02
|
|
Drupal 6.17, 2010-06-02
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Improved PostgreSQL compatibility
|
|
- Improved PostgreSQL compatibility
|
|
- Better PHP 5.3 and PHP 4 compatibility
|
|
- Better PHP 5.3 and PHP 4 compatibility
|
|
- Better browser compatibility of CSS and JS aggregation
|
|
- Better browser compatibility of CSS and JS aggregation
|
|
@@ -1030,7 +1127,7 @@ Drupal 6.17, 2010-06-02
|
|
- Fixed a variety of other bugs.
|
|
- Fixed a variety of other bugs.
|
|
|
|
|
|
Drupal 6.16, 2010-03-03
|
|
Drupal 6.16, 2010-03-03
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Installation cross site scripting, Open redirection,
|
|
- Fixed security issues (Installation cross site scripting, Open redirection,
|
|
Locale module cross site scripting, Blocked user session regeneration),
|
|
Locale module cross site scripting, Blocked user session regeneration),
|
|
see SA-CORE-2010-001.
|
|
see SA-CORE-2010-001.
|
|
@@ -1042,12 +1139,12 @@ Drupal 6.16, 2010-03-03
|
|
- Fixed a variety of other bugs.
|
|
- Fixed a variety of other bugs.
|
|
|
|
|
|
Drupal 6.15, 2009-12-16
|
|
Drupal 6.15, 2009-12-16
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
|
|
- Fixed a variety of other bugs.
|
|
- Fixed a variety of other bugs.
|
|
|
|
|
|
Drupal 6.14, 2009-09-16
|
|
Drupal 6.14, 2009-09-16
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (OpenID association cross site request forgeries,
|
|
- Fixed security issues (OpenID association cross site request forgeries,
|
|
OpenID impersonation and File upload), see SA-CORE-2009-008.
|
|
OpenID impersonation and File upload), see SA-CORE-2009-008.
|
|
- Changed the system modules page to not run all cache rebuilds; use the
|
|
- Changed the system modules page to not run all cache rebuilds; use the
|
|
@@ -1056,18 +1153,18 @@ Drupal 6.14, 2009-09-16
|
|
- Fixed a variety of small bugs.
|
|
- Fixed a variety of small bugs.
|
|
|
|
|
|
Drupal 6.13, 2009-07-01
|
|
Drupal 6.13, 2009-07-01
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Cross site scripting, Input format access bypass and
|
|
- Fixed security issues (Cross site scripting, Input format access bypass and
|
|
Password leakage in URL), see SA-CORE-2009-007.
|
|
Password leakage in URL), see SA-CORE-2009-007.
|
|
- Fixed a variety of small bugs.
|
|
- Fixed a variety of small bugs.
|
|
|
|
|
|
Drupal 6.12, 2009-05-13
|
|
Drupal 6.12, 2009-05-13
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
|
|
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
|
|
- Fixed a variety of small bugs.
|
|
- Fixed a variety of small bugs.
|
|
|
|
|
|
Drupal 6.11, 2009-04-29
|
|
Drupal 6.11, 2009-04-29
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed security issues (Cross site scripting and limited information
|
|
- Fixed security issues (Cross site scripting and limited information
|
|
disclosure), see SA-CORE-2009-005
|
|
disclosure), see SA-CORE-2009-005
|
|
- Fixed performance issues with the menu router cache, the update
|
|
- Fixed performance issues with the menu router cache, the update
|
|
@@ -1075,7 +1172,7 @@ Drupal 6.11, 2009-04-29
|
|
- Fixed a variety of small bugs.
|
|
- Fixed a variety of small bugs.
|
|
|
|
|
|
Drupal 6.10, 2009-02-25
|
|
Drupal 6.10, 2009-02-25
|
|
-----------------------
|
|
|
|
|
|
+-----------------------
|
|
- Fixed a security issue, (Local file inclusion on Windows),
|
|
- Fixed a security issue, (Local file inclusion on Windows),
|
|
see SA-CORE-2009-003
|
|
see SA-CORE-2009-003
|
|
- Fixed node_feed() so custom fields can show up in RSS feeds.
|
|
- Fixed node_feed() so custom fields can show up in RSS feeds.
|
|
@@ -1471,7 +1568,7 @@ Drupal 4.7.9, 2007-12-05
|
|
- fixed a security issue (SQL injection), see SA-2007-031
|
|
- fixed a security issue (SQL injection), see SA-2007-031
|
|
|
|
|
|
Drupal 4.7.8, 2007-10-17
|
|
Drupal 4.7.8, 2007-10-17
|
|
-----------------------
|
|
|
|
|
|
+------------------------
|
|
- fixed a security issue (HTTP response splitting), see SA-2007-024
|
|
- fixed a security issue (HTTP response splitting), see SA-2007-024
|
|
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
|
|
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
|
|
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
|
|
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
|
|
@@ -1584,7 +1681,7 @@ Drupal 4.6.11, 2007-01-05
|
|
- Fixed security issue (DoS), see SA-2007-002
|
|
- Fixed security issue (DoS), see SA-2007-002
|
|
|
|
|
|
Drupal 4.6.10, 2006-10-18
|
|
Drupal 4.6.10, 2006-10-18
|
|
-------------------------
|
|
|
|
|
|
+-------------------------
|
|
- Fixed security issue (XSS), see SA-2006-024
|
|
- Fixed security issue (XSS), see SA-2006-024
|
|
- Fixed security issue (CSRF), see SA-2006-025
|
|
- Fixed security issue (CSRF), see SA-2006-025
|
|
- Fixed security issue (Form action attribute injection), see SA-2006-026
|
|
- Fixed security issue (Form action attribute injection), see SA-2006-026
|