Download drupal-6.29.tar.gztar.gz 1.05 MB
MD5: dd36edf843a68e0a76aee7869d531061
SHA-1: cafe11ee8a7e631b3aedf6f3f90d71ac1a9adac3
SHA-256: 49c17082e78ecd37eb218812d3e4d679b61ec24297c5ee079a206cdc6f45b2db
Download drupal-6.29.zipzip 1.22 MB
MD5: 259830ffcb7a3ac3202e65388650cd1f
SHA-1: 329d37d000ef3df20a9912e53f9549698a492776
SHA-256: d5193106cd2a63e5b3c783f09883c0f979cea7e58aae89597e58b7c6ac7e0b58

Release info

Created by: David_Rothstein
Created on: 20 Nov 2013 at 20:55 UTC
Last updated: 15 Jan 2014 at 20:17 UTC
Core compatibility: 6.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

No other fixes are included.

No changes have been made to the top-level .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Important upgrade note:

Upgrading an existing Drupal site to this version requires manual changes to the .htaccess files in the site's files directories. See SA-CORE-2013-003 for instructions.

Known issues:

For a while after the release, sites running certain versions of Drupal core may have seen an erroneous message from the Update Status module recommending that they update to Drupal 6.27 rather than this release. This appears to be an issue related to the Drupal 7 upgrade which has since been fixed; see this issue for further details.

Major changes since 6.28:

  • This release contains a small change to the form API. It will have no effect on standard form API usage, but could affect code which does highly custom form processing; in particular, any code which calls functions like drupal_process_form() or drupal_validate_form() to process a form directly should be aware that when the form is validated, validation will now stop immediately in the case where the form's cross-site request forgery (CSRF) token fails validation. Previously all subsequent validation handlers would still be executed in this case.
  • There is a new drupal_random_key() API function. Its usage is recommended for any code that needs to obtain a permanent, randomly-generated string which is safe to insert in HTML pages and URLs.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects