Drupal 5.9 released, fixing security issues
Drupal 5.9 has been released to correct a vulnerability that was inadvertantly left in Drupal 5.8
Drupal 5.9 Release Note
The ninth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:
* SA-2008-046 - Drupal core - Session fixation
In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release:
* #281042 by schuyler1d. Render blocks before CSS and JS header generation.
* #232433 by Damien Tournoud. Use non-localized date for RSS.
* #281494 by beeradb. Code style.
* #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0.
* #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility.
* #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
* #280934. Make sure session is always regenerated.