* SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release:
* 178478 by scor: typo in text displyed when the DB is installed but not accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no admin links for the module
See http://drupal.org/node/184395 for all the details
Drupal 5.1, 2007-01-29
----------------------
- fixed security issue (code execution), see SA-2007-005
- fixed a variety of small bugs.
Drupal 5.0, 2007-01-15
------------------------
- completely retooled the administration page
* /admin now contains an administration page which may be themed
* reorganised administration menu items by task and by module
* added a status report page with detailed PHP/MySQL/Drupal information
- added web-based installer which can:
* check installation and run-time requirements
* automatically generate the database configuration file
* install pre-made 'install profiles' or distributions
* import the database structure with automatic table prefixing
* be localized
- added new default Garland theme
- added color module to change some themes' color schemes
- included the jQuery JavaScript library 1.0.4 and converted all core JavaScript
to use it
- introduced the ability to alter mail sent from system
- module system:
* added .info files for module meta-data
* added support for module dependencies
* improved module installation screen
* moved core modules to their own directories
* added support for module uninstalling
- added support for different cache backends
- added support for a generic "sites/all" directory.
- usability:
* added support for auto-complete forms (AJAX) to user profiles.
* made it possible to instantly assign roles to newly created user accounts.
* improved configurability of the contact forms.
* reorganized the settings pages.
* made it easy to investigate popular search terms.
* added a 'select all' checkbox and a range select feature to administration
tables.
* simplified the 'break' tag to split teasers from body.
* use proper capitalization for titles, menu items and operations.
- integrated urlfilter.module into filter.module
- block system:
* extended the block visibility settings with a role specific setting.
* made it possible to customize all block titles.
- poll module:
* optionally allow people to inspect all votes.
* optionally allow people to cancel their vote.
- distributed authentication:
* added default server option.
- added default robots.txt to control crawlers.
- database API:
* added db_table_exists().
- blogapi module:
* 'blogapi new' and 'blogapi edit' nodeapi operations.
- user module:
* added hook_profile_alter().
* e-mail verification is made optional.
* added mass editing and filtering on admin/user/user.
- PHP Template engine:
* add the ability to look for a series of suggested templates.
* look for page templates based upon the path.
* look for block templates based upon the region, module, and delta.
- content system:
* made it easier for node access modules to work well with each other.
* added configurable content types.
* changed node rendering to work with structured arrays.
- performance:
* improved session handling: reduces database overhead.
* improved access checking: reduces database overhead.
* made it possible to do memcached based session management.
* omit sidebars when serving a '404 - Page not found': saves CPU cycles and
bandwidth.
* added an 'aggressive' caching policy.
* added a CSS aggregator and compressor (up to 40% faster page loads).
- removed the archive module.
- upgrade system:
* created space for update branches.
- forms API:
* made it possible to programmatically submit forms.
* improved api for multistep forms.
- theme system:
* split up and removed drupal.css.
* added nested lists generation.
* added a self-clearing block class.
For a full list of changes see: http://drupal.org/drupal-4.7.0
In short:
- Updated Documentation for All Modules
- Auto-complete Fields(AJAX)
- Added Mass Comment Operations
- Easier to Make Menu Items
- RSS Feed Settings
- Better Search Index
- New Forms API
Drupal is software that allows an individual or a community of users to easily
publish, manage and organize a great variety of content on a website. Tens of
thousands of people and organizations have used Drupal to set up scores of
different kinds of web sites, including
* community web portals and discussion sites
* corporate web sites/intranet portals
* personal web sites
* aficionado sites
* e-commerce applications
* resource directories
Drupal includes features to enable:
* content management systems
* blogs
* collaborative authoring environments
* forums
* newsletters
* picture galleries
* file uploads and download
