* SA-2008-060 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed in the 5.11 release:
* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* 296096 by Damien Tournoud. Fix 5.10 Postgres install & update.
* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* 181831 by Rob Loach. Backport of #130630 by chx: provide an id on the form item wrapper div.
* 283026 by Damien Tournoud. Make user_authenticate from external source (for existing users) work with no server part.
* 298535 by mkalkbrenner. Correct HTTP status code for failed connection.
* 108717 by add1sun and neclimdul. Code style.
* - Patch 230932 by ryanlath: file_scan_directory() didn't scan the directory called '0'. Backport by cridenour.
* follow up to 280621 by lilou: the object tag was disallowed in a previous version in filter_xss_admin(), so disallow param as well, which is only meaningful inside an object tag
* 208270 reported by Dries, patch by jvandyk: it was not possible to clear the XML-RPC error cache, making it impossible to do multiple queries in one request. Add xmlrpc_clear_error() and slightly modify xmlrpc_error() to fix.
* - Patch 308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc.
* 67895 patch by goba, tested by JirkaRybka and blackdog: move poll votes with poll options, when an option is removed, instead of dropping all old votes, solving an old data loss bug. Backport by dww.
* 312730 by Damien Tournoud. hook_requirements('install') should work for modules that don't reside in the main './modules' folder.
ce27b6b12d