drupal 7.27

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2014-002 - Drupal core - Information Disclosure

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

• This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier); see this issue for details. The solution is to upgrade to Drupal 7.28.
• This release caused the Multiple Forms module to stop working correctly (see issue). The solution is to upgrade to Multiple Forms 7.x-1.1 or higher.
• See below for small API changes which may affect sites that expose Ajax or multi-step forms to anonymous users on cached pages (where the page is cached either by Drupal or by an external system). In most cases, serious regressions are not expected and the changes are not critical, but they could be required for anonymous users to be able to properly use these Ajax or multi-step forms.

Major changes since 7.26:

• Modules which use custom Ajax form page callbacks require updates for Drupal 7.27
  This is expected to affect several popular modules such as Field Collection (issue) and Hierarchical Select (issue), although only in cases where the form widgets provided by those modules are exposed to anonymous users.

• Modules which provide alternative page cache implementations require updates for Drupal 6.31 and Drupal 7.27
  This is expected to affect modules such as Boost and Authcache.

• form_set_cache() now validates the passed-in form build ID
  This is not expected to affect most sites.