Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
No other fixes are included.
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
On sites with a very large number of unpublished nodes in the database, the Taxonomy module update function introduced in this release may take a very long time to run and consume an excessive amount of memory; see this issue. The solution is to upgrade directly to Drupal 7.28 instead.
Major changes since 7.25:
- The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
- A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them as it normally does for programmatic form submissions. Any code that passes untrusted data (provided by the current user) to drupal_form_submit() should set this element to FALSE for security reasons.
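
The following shows one way to use the new element when submitting a form with user-supplied values. It is an added example, not code from the Drupal release; the module name "mymodule", both function names and the allow-list parameter are assumptions made for illustration.

```php
<?php
/**
 * Added example for a hypothetical custom module named "mymodule".
 *
 * Submits a form programmatically with values that came from the current
 * user (for example a decoded web-service request body) and returns the
 * validation errors, or an empty array when the submission succeeded.
 */
function mymodule_submit_untrusted($form_id, array $untrusted, array $allowed_keys, $op) {
  $form_state = array();

  // Extra hardening that is not part of the release notes: only forward the
  // keys this integration is meant to accept.
  $form_state['values'] = array_intersect_key($untrusted, array_flip($allowed_keys));

  // drupal_form_submit() needs the label of the button to "press".
  $form_state['values']['op'] = $op;

  // By default a programmatic submission bypasses the form access checks.
  // FALSE makes the form API apply the normal access checks against the
  // current user, so elements that user may not edit are not processed.
  $form_state['programmed_bypass_access_check'] = FALSE;

  drupal_form_submit($form_id, $form_state);

  // form_get_errors() returns nothing when validation passed.
  $errors = form_get_errors();
  return empty($errors) ? array() : $errors;
}

/**
 * Hypothetical caller: registers an account from user-supplied input.
 * $input stands for data received from the current user.
 */
function mymodule_register_from_request(array $input) {
  return mymodule_submit_untrusted(
    'user_register_form',
    $input,
    array('name', 'mail'),
    t('Create new account')
  );
}
```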