Drupal 6.10 and 5.16 released, fixing security issues More information can be found -> HERE Drupal 6.9 and Drupal 5.15, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. Important update notes It is important to run update.php. These releases did not change the .htaccess, robots.txt and (default.)settings.php files, so you can keep your existing files intact, if you have modifications in them. Regarding Drupal 6.10: In this release, we've fixed a bug, so that custom CCK fields are now actually displayed in RSS feeds. You might want to revisit your content type settings pages and configure which field should be included in feeds. Drupal 6.10 Release Note * SA-CORE-2009-003 - Local file inclusion on Windows * - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker. * #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed. * #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value * #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable(). * #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag. * #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link * #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output * #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting * #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all. * #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice. * #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys' * #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice * #314286 backport of some of #229129 by assimonds: disbaled checkboxes did not receive their values properly from the default value set * #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead * #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined * #276174 by nbz, John Morahan, slightly modified: do not escape username more then once at multiple places in blog.module * #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms() * #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language * #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making itpossible to write modules extending menu item manipulation * - Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited. * #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6 * - Patch #381438 by drumm: do not use page cache for drupal.sh requests. * #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be * #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostreSQL does not support that * #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi() * #383724 by Heine, bjaspan: SA-CORE-2009-003 Drupal 5.16 Release Note * SA-CORE-2009-004 Drupal core - Local file inclusion on Windows * #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url() * #360038 by sun. Documentation improvement. * #179244 by tangent: line break filter operates on object element. * #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.