Drupal 6.19, 2010-08-11 ---------------------- - Fixed a variety of small bugs, improved code documentation. Drupal 6.18, 2010-08-11 ---------------------- - Fixed security issues (OpenID authentication bypass, File download access bypass, Comment unpublishing bypass, Actions cross site scripting), see SA-CORE-2010-002. Drupal 6.17, 2010-06-02 ---------------------- - Improved PostgreSQL compatibility - Better PHP 5.3 and PHP 4 compatibility - Better browser compatibility of CSS and JS aggregation - Improved logging for login failures - Fixed an incompatibility with some contributed modules and the locking system - Fixed a variety of other bugs. Drupal 6.16, 2010-03-03 ---------------------- - Fixed security issues (Installation cross site scripting, Open redirection, Locale module cross site scripting, Blocked user session regeneration), see SA-CORE-2010-001. - Better support for updated jQuery versions. - Reduced resource usage of update.module. - Fixed several issues relating to support of install profiles and distributions. - Added a locking framework to avoid data corruption on long operations. - Fixed a variety of other bugs. Drupal 6.15, 2009-12-16 ---------------------- - Fixed security issues (Cross site scripting), see SA-CORE-2009-009. - Fixed a variety of other bugs. Drupal 6.14, 2009-09-16 ---------------------- - Fixed security issues (OpenID association cross site request forgeries, OpenID impersonation and File upload), see SA-CORE-2009-008. - Changed the system modules page to not run all cache rebuilds; use the button on the performance settings page to achieve the same effect. - Added support for PHP 5.3.0 out of the box. - Fixed a variety of small bugs. Drupal 6.13, 2009-07-01 ---------------------- - Fixed security issues (Cross site scripting, Input format access bypass and Password leakage in URL), see SA-CORE-2009-007. - Fixed a variety of small bugs. Drupal 6.12, 2009-05-13 ---------------------- - Fixed security issues (Cross site scripting), see SA-CORE-2009-006. - Fixed a variety of small bugs. Drupal 6.11, 2009-04-29 ---------------------- - Fixed security issues (Cross site scripting and limited information disclosure), see SA-CORE-2009-005 - Fixed performance issues with the menu router cache, the update status cache and improved cache invalidation - Fixed a variety of small bugs. Drupal 6.10, 2009-02-25 ---------------------- - Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-003 - Fixed node_feed() so custom fields can show up in RSS feeds. - Improved PostgreSQL compatibility. - Fixed a variety of small bugs. Drupal 6.9, 2009-01-14 ---------------------- - Fixed security issues, (Access Bypass, Validation Bypass and Hardening against SQL injection), see SA-CORE-2009-001 - Made HTTP request checking more robust and informative. - Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell scripts. - Removed t() calls from all schema documentation. Suggested best practice changed for contributed modules, see http://drupal.org/node/322731. - Fixed a variety of small bugs. Drupal 6.8, 2008-12-11 ---------------------- - Removed a previous change incompatible with PHP 5.1.x and lower. Drupal 6.7, 2008-12-10 ---------------------- - Fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 - Updated robots.txt and .htaccess to match current file use. - Fixed a variety of small bugs. Drupal 6.6, 2008-10-22 ---------------------- - Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067 - Fixed a variety of small bugs. Drupal 6.5, 2008-10-08 ---------------------- - Fixed security issues, (File upload access bypass, Access rules bypass, BlogAPI access bypass), see SA-2008-060. - Fixed a variety of small bugs. Drupal 6.4, 2008-08-13 ---------------------- - Fixed a security issue (Cross site scripting, Arbitrary file uploads via BlogAPI, Cross site request forgeries and Various Upload module vulnerabilities), see SA-2008-047. - Improved error messages during installation. - Fixed a bug that prevented AHAH handlers to be attached to radios widgets. - Fixed a variety of small bugs. Drupal 6.3, 2008-07-09 ---------------------- - Fixed security issues, (Cross site scripting, cross site request forgery, session fixation and SQL injection), see SA-2008-044. - Slightly modified installation process to prevent file ownership issues on shared hosts. - Improved PostgreSQL compatibility (rewritten queries; custom blocks). - Upgraded to jQuery 1.2.6. - Performance improvements to search, menu handling and form API caches. - Fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+). - Fixed a variety of small bugs. Drupal 6.2, 2008-04-09 ---------------------- - Fixed a variety of small bugs. - Fixed a security issue (Access bypasses), see SA-2008-026. Drupal 6.1, 2008-02-27 ---------------------- - Fixed a variety of small bugs. - Fixed a security issue (Cross site scripting), see SA-2008-018. Drupal 6.0, 2008-02-13 ---------------------- - New, faster and better menu system. - New watchdog as a hook functionality. * New hook_watchdog that can be implemented by any module to route log messages to various destinations. * Expands the severity levels from 3 (Error, Warning, Notice) to the 8 levels defined in RFC 3164. * The watchdog module is now called dblog, and is optional, but enabled by default in the default install profile. * Extended the database log module so log messages can be filtered. * Added syslog module: useful for monitoring large Drupal installations. - Added optional e-mail notifications when users are approved, blocked, or deleted. - Drupal works with error reporting set to E_ALL. - Added scripts/drupal.sh to execute Drupal code from the command line. Useful to use Drupal as a framework to build command-line tools. - Made signature support optional and made it possible to theme signatures. - Made it possible to filter the URL aliases on the URL alias administration screen. - Language system improvements: * Support for right to left languages. * Language detection based on parts of the URL. * Browser based language detection. * Made it possible to specify a node's language. * Support for translating posts on the site to different languages. * Language dependent path aliases. * Automatically import translations when adding a new language. * JavaScript interface translation. * Automatically import a module's translation upon enabling that module. - Moved "PHP input filter" to a standalone module so it can be deleted for security reasons. - Usability: * Improved handling of teasers in posts. * Added sticky table headers. * Check for clean URL support automatically with JavaScript. * Removed default/settings.php. Instead the installer will create it from default.settings.php. * Made it possible to configure your own date formats. * Remember anonymous comment posters. * Only allow modules and themes to be enabled that have explicitly been ported to the correct core API version. * Can now specify the minimum PHP version required for a module within the .info file. * Drupal core no longer requires CREATE TEMPORARY TABLES or LOCK TABLES database rights. * Dynamically check password strength and confirmation. * Refactored poll administration. * Implemented drag-and-drop positioning for blocks, menu items, taxonomy vocabularies and terms, forums, profile fields, and input format filters. - Theme system: * Added .info files to themes and made it easier to specify regions and features. * Added theme registry: modules can directly provide .tpl.php files for their themes without having to create theme_ functions. * Used the Garland theme for the installation and maintenance pages. * Added theme preprocess functions for themes that are templates. * Added support for themeable functions in JavaScript. - Refactored update.php to a generic batch API to be able to run time-consuming operations in multiple subsequent HTTP requests. - Installer: * Themed the installer with the Garland theme. * Added form to provide initial site information during installation. * Added ability to provide extra installation steps programmatically. * Made it possible to import interface translations at install time. - Added the HTML corrector filter: * Fixes faulty and chopped off HTML in postings. * Tags are now automatically closed at the end of the teaser. - Performance: * Made it easier to conditionally load .include files and split up many core modules. * Added a JavaScript aggregator. * Added block-level caching, improving performance for both authenticated and anonymous users. * Made Drupal work correctly when running behind a reverse proxy like Squid or Pound. - File handling improvements: * Entries in the files table are now keyed to a user instead of a node. * Added reusable validation functions to check for uploaded file sizes, extensions, and image resolution. * Added ability to create and remove temporary files during a cron job. - Forum improvements: * Any node type may now be posted in a forum. - Taxonomy improvements: * Descriptions for terms are now shown on taxonomy/term pages as well as RSS feeds. * Added versioning support to categories by associating them with node revisions. - Added support for OpenID. - Added support for triggering configurable actions. - Added the Update status module to automatically check for available updates and warn sites if they are missing security updates or newer versions. Sites deploying from CVS should use http://drupal.org/project/cvs_deploy. Advanced settings provided by http://drupal.org/project/update_advanced. - Upgraded the core JavaScript library to jQuery version 1.2.3. - Added a new Schema API, which provides built-in support for core and contributed modules to work with databases other than MySQL. - Removed drupal.module. The functionality lives on as the Site network contributed module (http://drupal.org/project/site_network). - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x. Drupal 5.23, 2010-08-11 ----------------------- - Fixed security issues (File download access bypass, Comment unpublishing bypass), see SA-CORE-2010-002. Drupal 5.22, 2010-03-03 ----------------------- - Fixed security issues (Open redirection, Locale module cross site scripting, Blocked user session regeneration), see SA-CORE-2010-001. Drupal 5.21, 2009-12-16 ----------------------- - Fixed a security issue (Cross site scripting), see SA-CORE-2009-009. - Fixed a variety of small bugs. Drupal 5.20, 2009-09-16 ----------------------- - Avoid security problems resulting from writing Drupal 6-style menu declaration s. - Fixed security issues (session fixation), see SA-CORE-2009-008. - Fixed a variety of small bugs. Drupal 5.19, 2009-07-01 ----------------------- - Fixed security issues (Cross site scripting and Password leakage in URL), see SA-CORE-2009-007. - Fixed a variety of small bugs. Drupal 5.18, 2009-05-13 ---------------------- - Fixed security issues (Cross site scripting), see SA-CORE-2009-006. - Fixed a variety of small bugs. Drupal 5.17, 2009-04-29 ----------------------- - Fixed security issues (Cross site scripting and limited information disclosure ) see SA-CORE-2009-005. - Fixed a variety of small bugs. Drupal 5.16, 2009-02-25 ----------------------- - Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-00 4. - Fixed a variety of small bugs. Drupal 5.15, 2009-01-14 ---------------------- - Fixed security issues, (Hardening against SQL injection), see SA-CORE-2009-001 - Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell scripts. - Fixed a variety of small bugs. Drupal 5.14, 2008-12-11 ---------------------- - Removed a previous change incompatible with PHP 5.1.x and lower. Drupal 5.13, 2008-12-10 ----------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 - updated robots.txt and .htaccess to match current file use. Drupal 5.12, 2008-10-22 ----------------------- - fixed security issues, (File inclusion), see SA-2008-067 Drupal 5.11, 2008-10-08 ----------------------- - fixed a variety of small bugs. - fixed security issues, (File upload access bypass, Access rules bypass, BlogAPI access bypass, Node validation bypass), see SA-2008-060 Drupal 5.10, 2008-08-13 ----------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site scripting, Arbitrary file uploads via BlogAPI and Cross site request forgery), see SA-2008-047 Drupal 5.9, 2008-07-23 ---------------------- - fixed a variety of small bugs. - fixed security issues, (Session fixation), see SA-2008-046 Drupal 5.8, 2008-07-09 ---------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site scripting, cross site request forgery, and session fixation), see SA-2008-044 Drupal 5.7, 2008-01-28 ---------------------- - fixed the input format configuration page. - fixed a variety of small bugs. Drupal 5.6, 2008-01-10 ---------------------- - fixed a variety of small bugs. - fixed a security issue (Cross site request forgery), see SA-2008-005 - fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 - fixed a security issue (Cross site scripting, register_globals), see SA-2008-0 07 Drupal 5.5, 2007-12-06 ---------------------- - fixed missing missing brackets in a query in the user module. - fixed taxonomy feed bug introduced by SA-2007-031 Drupal 5.4, 2007-12-05 ---------------------- - fixed a variety of small bugs. - fixed a security issue (SQL injection), see SA-2007-031 Drupal 5.3, 2007-10-17 ---------------------- - fixed a variety of small bugs. - fixed a security issue (HTTP response splitting), see SA-2007-024 - fixed a security issue (Arbitrary code execution via installer), see SA-2007-0 25 - fixed a security issue (Cross site scripting via uploads), see SA-2007-026 - fixed a security issue (User deletion cross site request forgery), see SA-2007 -029 - fixed a security issue (API handling of unpublished comment), see SA-2007-030 Drupal 5.2, 2007-07-26 ---------------------- - changed hook_link() $teaser argument to match documentation. - fixed a variety of small bugs. - fixed a security issue (cross-site request forgery), see SA-2007-017 - fixed a security issue (cross-site scripting), see SA-2007-018 Drupal 5.1, 2007-01-29 ---------------------- - fixed security issue (code execution), see SA-2007-005 - fixed a variety of small bugs. Drupal 5.0, 2007-01-15 ---------------------- - Completely retooled the administration page * /Admin now contains an administration page which may be themed * Reorganised administration menu items by task and by module * Added a status report page with detailed PHP/MySQL/Drupal information - Added web-based installer which can: * Check installation and run-time requirements * Automatically generate the database configuration file * Install pre-made 'install profiles' or distributions * Import the database structure with automatic table prefixing * Be localized - Added new default Garland theme - Added color module to change some themes' color schemes - Included the jQuery JavaScript library 1.0.4 and converted all core JavaScript to use it - Introduced the ability to alter mail sent from system - Module system: * Added .info files for module meta-data * Added support for module dependencies * Improved module installation screen * Moved core modules to their own directories * Added support for module uninstalling - Added support for different cache backends - Added support for a generic "sites/all" directory. - Usability: * Added support for auto-complete forms (AJAX) to user profiles. * Made it possible to instantly assign roles to newly created user accounts. * Improved configurability of the contact forms. * Reorganized the settings pages. * Made it easy to investigate popular search terms. * Added a 'select all' checkbox and a range select feature to administration tables. * Simplified the 'break' tag to split teasers from body. * Use proper capitalization for titles, menu items and operations. - Integrated urlfilter.module into filter.module - Block system: * Extended the block visibility settings with a role specific setting. * Made it possible to customize all block titles. - Poll module: * Optionally allow people to inspect all votes. * Optionally allow people to cancel their vote. - Distributed authentication: * Added default server option. - Added default robots.txt to control crawlers. - Database API: * Added db_table_exists(). - Blogapi module: * 'Blogapi new' and 'blogapi edit' nodeapi operations. - User module: * Added hook_profile_alter(). * E-mail verification is made optional. * Added mass editing and filtering on admin/user/user. - PHP Template engine: * Add the ability to look for a series of suggested templates. * Look for page templates based upon the path. * Look for block templates based upon the region, module, and delta. - Content system: * Made it easier for node access modules to work well with each other. * Added configurable content types. * Changed node rendering to work with structured arrays. - Performance: * Improved session handling: reduces database overhead. * Improved access checking: reduces database overhead. * Made it possible to do memcached based session management. * Omit sidebars when serving a '404 - Page not found': saves CPU cycles and bandwidth. * Added an 'aggressive' caching policy. * Added a CSS aggregator and compressor (up to 40% faster page loads). - Removed the archive module. - Upgrade system: * Created space for update branches. - Forms API: * Made it possible to programmatically submit forms. * Improved api for multistep forms. - Theme system: * Split up and removed drupal.css. * Added nested lists generation. * Added a self-clearing block class. Drupal 4.7.11, 2008-01-10 ------------------------- - fixed a security issue (Cross site request forgery), see SA-2008-005 - fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 - fixed a security issue (Cross site scripting, register_globals), see SA-2008-0 07 Drupal 4.7.10, 2007-12-06 ------------------------- - fixed taxonomy feed bug introduced by SA-2007-031 Drupal 4.7.9, 2007-12-05 ------------------------ - fixed a security issue (SQL injection), see SA-2007-031 Drupal 4.7.8, 2007-10-17 ---------------------- - fixed a security issue (HTTP response splitting), see SA-2007-024 - fixed a security issue (Cross site scripting via uploads), see SA-2007-026 - fixed a security issue (API handling of unpublished comment), see SA-2007-030 Drupal 4.7.7, 2007-07-26 ------------------------ - fixed security issue (XSS), see SA-2007-018 Drupal 4.7.6, 2007-01-29 ------------------------ - fixed security issue (code execution), see SA-2007-005 Drupal 4.7.5, 2007-01-05 ------------------------ - Fixed security issue (XSS), see SA-2007-001 - Fixed security issue (DoS), see SA-2007-002 Drupal 4.7.4, 2006-10-18 ------------------------ - Fixed security issue (XSS), see SA-2006-024 - Fixed security issue (CSRF), see SA-2006-025 - Fixed security issue (Form action attribute injection), see SA-2006-026 Drupal 4.7.3, 2006-08-02 ------------------------ - Fixed security issue (XSS), see SA-2006-011 Drupal 4.7.2, 2006-06-01 ------------------------ - Fixed critical upload issue, see SA-2006-007 - Fixed taxonomy XSS issue, see SA-2006-008 - Fixed a variety of small bugs. Drupal 4.7.1, 2006-05-24 ------------------------ - Fixed critical SQL issue, see SA-2006-005 - Fixed a serious upgrade related bug. - Fixed a variety of small bugs. Drupal 4.7.0, 2006-05-01 ------------------------ - Added free tagging support. - Added a site-wide contact form. - Theme system: * Added the PHPTemplate theme engine and removed the Xtemplate engine. * Converted the bluemarine theme from XTemplate to PHPTemplate. * Converted the pushbutton theme from XTemplate to PHPTemplate. - Usability: * Reworked the 'request new password' functionality. * Reworked the node and comment edit forms. * Made it easy to add nodes to the navigation menu. * Added site 'offline for maintenance' feature. * Added support for auto-complete forms (AJAX). * Added support for collapsible page sections (JS). * Added support for resizable text fields (JS). * Improved file upload functionality (AJAX). * Reorganized some settings pages. * Added friendly database error screens. * Improved styling of update.php. - Refactored the forms API. * Made it possible to alter, extend or theme forms. - Comment system: * Added support for "mass comment operations" to ease repetitive tasks. * Comment moderation has been removed. - Node system: * Reworked the revision functionality. * Removed the bookmarklet code. Third-party modules can now handle This. - Upgrade system: * Allows contributed modules to plug into the upgrade system. - Profiles: * Added a block to display author information along with posts. * Added support for private profile fields. - Statistics module: * Added the ability to track page generation times. * Made it possible to block certain IPs/hostnames. - Block system: * Added support for theme-specific block regions. - Syndication: * Made the aggregator module parse Atom feeds. * Made the aggregator generate RSS feeds. * Added RSS feed settings. - XML-RPC: * Replaced the XML-RPC library by a better one. - Performance: * Added 'loose caching' option for high-traffic sites. * Improved performance of path aliasing. * Added the ability to track page generation times. - Internationalization: * Improved Unicode string handling API. * Added support for PHP's multibyte string module. - Added support for PHP5's 'mysqli' extension. - Search module: * Made indexer smarter and more robust. * Added advanced search operators (e.g. phrase, node type, ...). * Added customizable result ranking. - PostgreSQL support: * Removed dependency on PL/pgSQL procedural language. - Menu system: * Added support for external URLs. - Queue module: * Removed from core. - HTTP handling: * Added support for a tolerant Base URL. * Output URIs relative to the root, without a base tag. Drupal 4.6.11, 2007-01-05 ------------------------- - Fixed security issue (XSS), see SA-2007-001 - Fixed security issue (DoS), see SA-2007-002 Drupal 4.6.10, 2006-10-18 ------------------------ - Fixed security issue (XSS), see SA-2006-024 - Fixed security issue (CSRF), see SA-2006-025 - Fixed security issue (Form action attribute injection), see SA-2006-026 Drupal 4.6.9, 2006-08-02 ------------------------ - Fixed security issue (XSS), see SA-2006-011 Drupal 4.6.8, 2006-06-01 ------------------------ - Fixed critical upload issue, see SA-2006-007 - Fixed taxonomy XSS issue, see SA-2006-008 Drupal 4.6.7, 2006-05-24 ------------------------ - Fixed critical SQL issue, see SA-2006-005 Drupal 4.6.6, 2006-03-13 ------------------------ - Fixed bugs, including 4 security vulnerabilities. Drupal 4.6.5, 2005-12-12 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.6.4, 2005-11-30 ------------------------ - Fixed bugs, including 3 security vulnerabilities. Drupal 4.6.3, 2005-08-15 ------------------------ - Fixed bugs, including a critical "arbitrary PHP code execution" bug. Drupal 4.6.2, 2005-06-29 ------------------------ - Fixed bugs, including two critical "arbitrary PHP code execution" bugs. Drupal 4.6.1, 2005-06-01 ------------------------ - Fixed bugs, including a critical input validation bug. Drupal 4.6.0, 2005-04-15 ------------------------ - PHP5 compliance - Search: * Added UTF-8 support to make it work with all languages. * Improved search indexing algorithm. * Improved search output. * Impose a throttle on indexing of large sites. * Added search block. - Syndication: * Made the ping module ping pingomatic.com which, in turn, will ping all the major ping services. * Made Drupal generate RSS 2.0 feeds. * Made RSS feeds extensible. * Added categories to RSS feeds. * Added enclosures to RSS feeds. - Flood control mechanism: * Added a mechanism to throttle certain operations. - Usability: * Refactored the block configuration pages. * Refactored the statistics pages. * Refactored the watchdog pages. * Refactored the throttle module configuration. * Refactored the access rules page. * Refactored the content administration page. * Introduced forum configuration pages. * Added a 'add child page' link to book pages. - Contact module: * Added a simple contact module that allows users to contact each other usin g e-mail. - Multi-site configuration: * Made it possible to run multiple sites from a single code base. - Added an image API: enables better image handling. - Block system: * Extended the block visibility settings. - Theme system: * Added new theme functions. - Database backend: * The PEAR database backend is no longer supported. - Performance: * Improved performance of the forum topics block. * Improved performance of the tracker module. * Improved performance of the node pages. - Documentation: * Improved and extended PHPDoc/Doxygen comments. Drupal 4.5.8, 2006-03-13 ------------------------ - Fixed bugs, including 3 security vulnerabilities. Drupal 4.5.7, 2005-12-12 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.5.6, 2005-11-30 ------------------------ - Fixed bugs, including 3 security vulnerabilities. Drupal 4.5.5, 2005-08-15 ------------------------ - Fixed bugs, including a critical "arbitrary PHP code execution" bug. Drupal 4.5.4, 2005-06-29 ------------------------ - Fixed bugs, including two critical "arbitrary PHP code execution" bugs. Drupal 4.5.3, 2005-06-01 ------------------------ - Fixed bugs, including a critical input validation bug. Drupal 4.5.2, 2005-01-15 ------------------------ - Fixed bugs: a cross-site scripting (XSS) vulnerability has been fixed. Drupal 4.5.1, 2004-12-01 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.5.0, 2004-10-18 ------------------------ - Navigation: * Made it possible to add, delete, rename and move menu items. * Introduced tabs and subtabs for local tasks. * Reorganized the navigation menus. - User management: * Added support for multiple roles per user. * Made it possible to add custom profile fields. * Made it possible to browse user profiles by field. - Node system: * Added support for node-level permissions. - Comment module: * Made it possible to leave contact information without having to register. - Upload module: * Added support for uploading documents (includes images). - Forum module: * Added support for sticky forum topics. * Made it possible to track forum topics. - Syndication: * Added support for RSS ping-notifications of http://technorati.com/. * Refactored the categorization of syndicated news items. * Added an URL alias for 'rss.xml'. * Improved date parsing. - Database backend: * Added support for multiple database connections. * The PostgreSQL backend does no longer require PEAR. - Theme system: * Changed all GIFs to PNGs. * Reorganised the handling of themes, template engines, templates and styles . * Unified and extended the available theme settings. * Added theme screenshots. - Blocks: * Added 'recent comments' block. * Added 'categories' block. - Blogger API: * Added support for auto-discovery of blogger API via RSD. - Performance: * Added support for sending gzip compressed pages. * Improved performance of the forum module. - Accessibility: * Improved the accessibility of the archive module's calendar. * Improved form handling and error reporting. * Added HTTP redirects to prevent submitting twice when refreshing right aft er a form submission. - Refactored 403 (forbidden) handling and added support for custom 403 pages. - Documentation: * Added PHPDoc/Doxygen comments. - Filter system: * Added support for using multiple input formats on the site * Expanded the embedded PHP-code feature so it can be used everywhere * Added support for role-dependant filtering, through input formats - UI translation: * Managing translations is now completely done through the administration in terface * Added support for importing/exporting gettext .po files Drupal 4.4.3, 2005-06-01 ------------------------ - Fixed bugs, including a critical input validation bug. Drupal 4.4.2, 2004-07-04 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.4.1, 2004-05-01 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.4.0, 2004-04-01 ------------------------ - Added support for the MetaWeblog API and MovableType extensions. - Added a file API: enables better document management. - Improved the watchdog and search module to log search keys. - News aggregator: * Added support for conditional GET. * Added OPML feed subscription list. * Added support for <image>, <pubDate>, <dc:date>, <dcterms:created>, <dcter ms:issued> and <dcterms:modified>. - Comment module: * Made it possible to disable the "comment viewing controls". - Performance: * Improved module loading when serving cached pages. * Made it possible to automatically disable modules when under heavy load. * Made it possible to automatically disable blocks when under heavy load. * Improved performance and memory footprint of the locale module. - Theme system: * Made all theme functions start with 'theme_'. * Made all theme functions return their output. * Migrated away from using the BaseTheme class. * Added many new theme functions and refactored existing theme functions. * Added avatar support to 'Xtemplate'. * Replaced theme 'UnConeD' by 'Chameleon'. * Replaced theme 'Marvin' by 'Pushbutton'. - Usability: * Added breadcrumb navigation to all pages. * Made it possible to add context-sensitive help to all pages. * Replaced drop-down menus by radio buttons where appropriate. * Removed the 'magic_quotes_gpc = 0' requirement. * Added a 'book navigation' block. - Accessibility: * Made themes degrade gracefully in absence of CSS. * Grouped form elements using '<fieldset>' and '<legend>' tags. * Added '<label>' tags to form elements. - Refactored 404 (file not found) handling and added support for custom 404 page s. - Improved the filter system to prevent conflicts between filters: * Made it possible to change the order in which filters are applied. - Documentation: * Added PHPDoc/Doxygen comments. Drupal 4.3.2, 2004-01-01 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.3.1, 2003-12-01 ------------------------ - Fixed bugs: no critical bugs were identified. Drupal 4.3.0, 2003-11-01 ------------------------ - Added support for configurable URLs. - Added support for sortable table columns. - Database backend: * Added support for selective database table prefixing. - Performance: * Optimized many SQL queries for speed by converting left joins to inner joi ns. - Comment module: * Rewrote the comment housekeeping code to be much more efficient and scalab le. * Changed the comment module to use the standard pager. - User module: * Added support for multiple sessions per user. * Added support for anonymous user sessions. - Forum module: * Improved the forum views and the themability thereof. - Book module: * Improved integration of non-book nodes in the book outline. - Usability: * Added support for "mass node operations" to ease repetitive tasks. * Added support for breadcrumb navigation to several modules' user pages. * Integrated the administration pages with the normal user pages. Drupal 4.2.0, 2003-08-01 ------------------------ - Added support for clean URLs. - Added textarea hook and support for onload attributes: enables integration of WYSIWYG editors. - Rewrote the RSS/RDF parser: * It will now use PHP's built-in XML parser to parse news feeds. - Rewrote the administration pages: * Improved the navigational elements and added breadcrumb navigation. * Improved the look and feel. * Added context-sensitive help. - Database backend: * Fixed numerous SQL queries to make Drupal ANSI compliant. * Added MSSQL database scheme. - Search module: * Changed the search module to use implicit AND'ing instead of implicit OR'i ng. - Node system: * Replaced the "post content" permission by more fine-grained permissions. * Improved content submission: + Improved teasers: teasers are now optional, teaser length can be confi gured, teaser and body are edited in a single textarea, users will no longer be bothered with teasers when the post is too short for one. + Added the ability to preview both the short and the full version of yo ur posts. * Extended the node API which allows for better integration. * Added default node settings to control the behavior for promotion, moderat ion and other options. - Themes: * Replaced theme "Goofy" by "Xtemplate", a template driven theme. - Removed the 'register_globals = on' requirement. - Added better installation instructions. Drupal 4.1.0, 2003-02-01 ------------------------ - Collaboratively revised and expanded the Drupal documentation. - Rewrote comment.module: * Reintroduced comment rating/moderation. * Added support for comment paging. * Performance improvements: improved comment caching, faster SQL queries, et c. - Rewrote block.module: * Performance improvements: blocks are no longer rendered when not displayed . - Rewrote forum.module: * Added a lot of features one can find in stand-alone forum software includi ng but not limited to support for topic paging, added support for icons, rewrote the statistics module, etc. - Rewrote statistics.module: * Collects access counts for each node, referrer logs, number of users/guest s. * Export blocks displaying top viewed nodes over last 24 hour period, top vi ewed nodes over all time, last nodes viewed, how many users/guest online. - Added throttle.module: * Auto-throttle congestion control mechanism: Drupal can adapt itself based on the server load. - Added profile.module: * Enables to extend the user and registration page. - Added pager support to the main page. - Replaced weblogs.module by ping.module: * Added support for normal and RSS notifications of http://blo.gs/. * Added support for RSS ping-notifications of http://weblogs.com/. - Removed the rating module - Themes: * Removed a significant portion of hard-coded mark-up. Drupal 4.0.0, 2002-06-15 ------------------------ - Added tracker.module: * Replaces the previous "your [site]" links (recent comments and nodes). - Added weblogs.module: * This will ping weblogs.com when new content is promoted. - Added taxonomy module which replaces the meta module. * Supports relations, hierarchies and synonyms. - Added a caching system: * Speeds up pages for anonymous users and reduces system load. - Added support for external SMTP libraries. - Added an archive extension to the calendar. - Added support for the Blogger API. - Themes: * Cleaned up the theme system. * Moved themes that are not maintained to contributions CVS repository. - Database backend: * Changed to PEAR database abstraction layer. * Using ANSI SQL queries to be more portable. - Rewrote the user system: * Added support for Drupal authentication through XML-RPC and through a Jabb er server. * Added support for modules to add more user data. * Users may delete their own account. * Added who's new and who's online blocks. - Changed block system: * Various hard coded blocks are now dynamic. * Blocks can now be enabled and/or be set by the user. * Blocks can be set to only show up on some pages. * Merged box module with block module. - Node system: * Blogs can be updated. * Teasers (abstracts) on all node types. * Improved error checking. * Content versioning support. * Usability improvements. - Improved book module to support text, HTML and PHP pages. - Improved comment module to mark new comments. - Added a general outliner which will let any node type be linked to a book. - Added an update script that lets you upgrade from previous releases or on a da y to day basis when using the development tree. - Search module: * Improved the search system by making it context sensitive. * Added indexing. - Various updates: * Changed output to valid XHTML. * Improved multiple sites using the same Drupal database support. * Added support for session IDs in URLs instead of cookies. * Made the type of content on the front page configurable. * Made each cloud site have its own settings. * Modules and themes can now be enabled/disabled using the administration pa ges. * Added URL abstraction for links. * Usability changes (renamed links, better UI, etc). - Collaboratively revised and expanded the Drupal documentation. Drupal 3.0.1, 2001-10-15 ------------------------ - Various updates: * Added missing translations * Updated the themes: tidied up some HTML code and added new Drupal logos. Drupal 3.0.0, 2001-09-15 ------------------------ - Major overhaul of the entire underlying design: * Everything is based on nodes: nodes are a conceptual "black box" to couple and manage different types of content and that promotes reusing existing code, thus reducing the complexity and size of Drupal as well as improving long-term s tability. - Rewrote submission/moderation queue and renamed it to queue.module. - Removed FAQ and documentation module and merged them into a "book module". - Removed ban module and integrated it into account.module as "access control": * Access control is based on much more powerful regular expressions (regex) now rather than on MySQL pattern matching. - Rewrote watchdog and submission throttle: * Improved watchdog messages and added watchdog filter. - Rewrote headline code and renamed it to import.module and export.module: * Added various improvements, including a better parser, bundles and better control over individual feeds. - Rewrote section code and renamed it to meta.module: * Supports unlimited amount of nested topics. Topics can be nested to create a multi-level hierarchy. - Rewrote configuration file resolving: * Drupal tries to locate a configuration file that matches your domain name or uses conf.php if the former failed. Note also that the configuration files go t renamed from .conf to .php for security's sake on mal-configured Drupal sites. - Added caching support which makes Drupal extremely scalable. - Added access.module: * Allows you to set up 'roles' (groups) and to bind a set of permissions to each group. - Added blog.module. - Added poll.module. - Added system.module: * Moved most of the configuration options from hostname.conf to the new admi nistration section. * Added support for custom "filters". - Added statistics.module - Added moderate.module: * Allows to assign users editorial/moderator rights to certain nodes or topi cs. - Added page.module: * Allows creation of static (and dynamic) pages through the administration i nterface. - Added help.module: * Groups all available module documentation on a single page. - Added forum.module: * Added an integrated forum. - Added cvs.module and cvs-to-sql.pl: * Allows to display and mail CVS log messages as daily digests. - Added book.module: * Allows collaborative handbook writing: primary used for Drupal documentati on. - Removed cron.module and integrated it into conf.module. - Removed module.module as it was no longer needed. - Various updates: * Added "auto-post new submissions" feature versus "moderate new submissions ". * Introduced links/Drupal tags: [[link]] * Added preview functionality when submitting new content (such as a story) from the administration pages. * Made the administration section only show those links a user has access to . * Made all modules use specific form_* functions to guarantee a rock-solid f orms and more consistent layout. * Improved scheduler: + Content can be scheduled to be 'posted', 'queued' and 'hidden'. * Improved account module: + Added "access control" to allow/deny certain usernames/e-mail addresse s/hostnames. * Improved locale module: + Added new overview to easy the translation process. * Improved comment module: + Made it possible to permanently delete comments. * Improved rating module * Improved story module: + Added preview functionality for administrators. + Made it possible to permanently delete stories. * Improved themes: + W3C validation on a best effort basis. + Removed $theme->control() from themes. + Added theme "goofy". - Collaboratively revised and expanded the Drupal documentation. Drupal 2.0.0, 2001-03-15 ------------------------ - Rewrote the comment/discussion code: * Comment navigation should be less confusing now. * Additional/alternative display and order methods have been added. * Modules can be extended with a "comment system": modules can embed the exi sting comment system without having to write their own, duplicate comment system . - Added sections and section manager: * Story sections can be maintained from the administration pages. * Story sections make the open submission more adaptive in that you can set individual post, dump and expiration thresholds for each section according to th e story type and urgency level: stories in certain sections do not "expire" and might stay interesting and active as time passes by, whereas news-related storie s are only considered "hot" over a short period of time. - Multiple vhosts + multiple directories: * You can set up multiple Drupal sites on top of the same physical source tr ee either by using vhosts or sub-directories. - Added "user ratings" similar to SlashCode's Karma or Scoop's Mojo: * All rating logic is packed into a module to ease experimenting with differ ent rating heuristics/algorithms. - Added "search infrastructure": * Improved search page and integrated search functionality in the administra tion pages. - Added translation / localization / internationalization support: * Because many people would love to see their website showing a lot less of English, and far more of their own language, Drupal provides a framework to set up a multi-lingual website or to overwrite the default English text in English. - Added fine-grained user permission (or group) system: * Users can be granted access to specific administration sections. Example: a FAQ maintainer can be given access to maintain the FAQ and translators can be given access to the translation pages. - Added FAQ module - Changed the "open submission queue" into a (optional) module. - Various updates: * Improved account module: + User accounts can be deleted. + Added fine-grained permission support. * Improved block module * Improved diary module: + Diary entries can be deleted * Improved headline module: + Improved parser to support more "generic" RDF/RSS/XML backend. * Improved module module * Improved watchdog module * Improved database abstraction layer * Improved themes: + W3C validation on a best effort basis + Added theme "example" (alias "Stone Age") * Added new scripts to directory "scripts" * Added directory "misc" * Added CREDITS file - Revised documentation Drupal 1.0.0, 2001-01-15 ------------------------ - Initial release