Projects / Drupal / Releases

All releases of Drupal

  •  08 May 2014 19:39
Avatar

    Release Notes: Includes bugfixes and small API/feature improvements only (no major new functionality). Fixes a regression in 7.27 that broke JavaScript in some older Web browsers. Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature).

    •  18 Apr 2014 16:38
    Avatar

      Release Notes: When pages are cached for anonymous users (either by Drupal or by an external system), the form state may leak between anonymous users. As a consequence, there is a chance that interim form input recorded for one anonymous user (which may include sensitive or private information, depending on the nature of the form) will be disclosed to other users interacting with the same form at the same time. This especially affects multi-step Ajax forms because the window of opportunity (i.e., the time span between user input and final form submission) is indeterminable. This release fixes this.

      •  21 Nov 2013 14:14
      Avatar

        Release Notes: Multiple vulnerabilities were fixed related to optimistic cross-site request forgery protection in the Form API validation, multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() which affected the Form API, OpenID and random password generation, code execution prevention using the files directory .htaccess for Apache, access bypassing for security token validation, cross-site scripting in the image and color modules, and an open redirect in the overlay module.

        •  21 Nov 2013 14:07
        Avatar

          Release Notes: This release fixes multiple vulnerabilities due to optimistic cross-site request forgery protection, multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand(), code execution prevention, and access bypassing. To fix the code execution prevention vulnerability on existing Apache installations also requires changes to your site's .htaccess files in the files directories.

          •  28 Dec 2012 16:23
          Avatar

            Release Notes: Resolves a vulnerability that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. An arbitrary PHP code execution vulnerability was also fixed in the file upload module.

            •  28 Dec 2012 16:18
            Avatar

              Release Notes: Resolves security issues with an access bypass in the user and upload modules as well as arbitrary PHP code execution in the file upload module.

              •  17 Sep 2012 15:52
              Avatar

                Release Notes: This is a maintenance release. It includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release. No security fixes are included in this release. Besides documentation fixes, no changes have been made to the .htaccess, robots.txt, or settings.php files in this release, so upgrading custom versions of those files is not necessary.

                •  03 May 2012 02:52
                Avatar

                  Release Notes: This is a maintenance release to fix 17 miscellaneous bugs.

                  •  03 May 2012 02:45
                  Avatar

                    Release Notes: Security vulnerabilities related to a denial of service, unvalidated form redirect, access bypass in the forum listing, access bypass for private images, and access bypass for content administration were fixed.

                    •  02 May 2012 20:02
                    Avatar

                      Release Notes: This maintenance release fixes 17 miscellaneous bugs.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.