Drupal 6.4 and 5.10 released, fixing security issues More information can be found -> HERE Drupal 6.4 and Drupal 5.10, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download. Drupal 6.4 Release Note This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-047 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 6.3 release: * #225880 follow up by webchick: improve error message when writable settings.php is not present * - Patch #275801 by Damien Tournoud and Gribnif: fixed performance issue due to typo. * - Patch #281943 by webchick, Arancaytar, dropcube et al: order install profiles alphabetically. * - Patch #285467 by mustafau: fixed typo a MT blog API function. * - Patch #238600 by scor: removed two unused links from context-sentive help. * - Patch #268491 by mustafu, pwolanin, et al: fixed notice after deleting aggregator feed. * - Patch #293434 by eMPee584 and Damien: fixed broken watchdog call. * - Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short * - Patch #290918 by pwolanin: don't unset project info during processing. * - Patch #165642 by Damien Tournoud: error in SQL syntax in user.module. * - Patch #246522 by mustafu, Dries: fixed typo in documentation. * - Patch #283806 by mustafau, Aron Noval: improved error handling in drupal_http_request(). * - Patch #290869 by Wim Leers: AHAH functionality was not working for radio buttons. * - Patch #293421 by Bart Jansens: fixed documentation of sess_count(). * - Patch #290869 by swenterl, cwgordon07: fixed notice in #ahah handling. * - Patch #293343 by Bart Jansens: removed obsolete table name from documentation. Candidate for Most Trivial Patch of the Month Award. * - Patch #293504 by Damien Tournoud: fixed search on PostgreSQL - argument of AND must be type boolean, not type integer. * - Patch #283806 by mustafau: fixed bug in drupal_http_request() Drupal 5.10 Release Note This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-047 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed in the 5.10 release: * #117748 by webchick, Pancho, Rob Loach, pwolanin: required field values were not properly trim()ed on validation * #207991 by Rok Zlender: xmlrpc_date did not parse dates well. Backport by clemens.tolboom. * Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short. Backport by scor. * - Patch #285467 by mustafau: fixed typo a MT blog API function. * #272636 by evolvingweb, dvessel: add 'js' class to html tag in drupal.js instead of overwriting all its classes with 'js'. Backport by sun. * #292538 by Damien Tournoud and hanoii. Fix $sidebar_indicator behavior.