Download drupal-7.24.tar.gztar.gz 3.05 MB
MD5: c1ddb37155e4b6160f6508636c06f2a7
SHA-1: f459d52fc486675f081a6cc656b696d4d048a4de
SHA-256: 5ce593bc86f48bb1923f9256de86c47162c54ba578e4ebe9211690b7349d5c40
Download drupal-7.24.zipzip 3.48 MB
MD5: ffa73331e7b47d843b600aab746fb20d
SHA-1: 0f6c6d6241b4901427f80cf0027f6cf444f2315f
SHA-256: fa593a1ab60baeb64fa2a670702e9d3330f85a78c6f3f94645cd892cc2236476

Release info

Created by: David_Rothstein
Created on: 20 Nov 2013 at 21:33 UTC
Last updated: 11 Jan 2016 at 21:43 UTC
Core compatibility: 7.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

No other fixes are included.

No changes have been made to the top-level .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Important upgrade note:

Upgrading an existing Drupal site to this version requires manual changes to the .htaccess files in the site's files directories. See SA-CORE-2013-003 for instructions.

Known issues:

For a while after the release, sites running certain versions of Drupal core may have seen an erroneous message from the Update Manager module recommending that they update to Drupal 7.19 rather than this release. This appears to be an issue related to the Drupal 7 upgrade which has since been fixed; see this issue for further details.

Major changes since 7.23:

  • This release contains a small change to the form API. It will have no effect on standard form API usage, but could affect code which does highly custom form processing; in particular, any code which calls functions like drupal_process_form() or drupal_validate_form() to process a form directly should be aware that when the form is validated, validation will now stop immediately in the case where the form's cross-site request forgery (CSRF) token fails validation. Previously all subsequent validation handlers would still be executed in this case.
  • There is a new drupal_random_key() API function. Its usage is recommended for any code that needs to obtain a permanent, randomly-generated string which is safe to insert in HTML pages and URLs.