Download drupal-7.31.tar.gztar.gz 3.07 MB
MD5: de256f202930d3ef5ccc6aebc550adaf
SHA-1: 9fdced7e664f6482c99d3461d95e469ea5f9425e
SHA-256: 6af4849fd2e1fd0a186a5264de10613e57b84c69dbe7dec0754472d27f37af40
Download drupal-7.31.zipzip 3.5 MB
MD5: 6076d317f6b1c7656f02c6cff81ff390
SHA-1: 2c41b3bf4c7819f3531e1debdcd14dad74a532d9
SHA-256: c322d3238c17bc4132499cb908fdf93cb45db53700779de9aba2a3f529145f9d

Release info

Created by: David_Rothstein
Created on: 6 Aug 2014 at 17:31 UTC
Last updated: 11 Jan 2016 at 21:45 UTC
Core compatibility: 7.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:


Major changes since 7.30:

  1. As of this release, the XML-RPC system in Drupal core will ignore information in <?xml> declarations contained within XML-RPC messages (for example, XML version or character encoding information). This is not expected to matter for the vast majority of use cases.
  2. The XML-RPC system and OpenID XRDS parser will also reject messages that contain over 30,000 XML tags within them. This limit is not expected to matter for the vast majority of use cases. If you need to process an XML-RPC message that is larger than that, you can change the limit by setting the "xmlrpc_message_maximum_tag_count" variable to a higher value. For example, in settings.php:
      // Allow XML-RPC messages with up to 50,000 XML tags to be processed.
      $conf['xmlrpc_message_maximum_tag_count'] = 50000;

    Do not set the value higher than you need, since allowing too many XML tags per XML-RPC message increases your site's vulnerability to denial of service attacks.

    The OpenID XRDS parser has a similar variable ("openid_xrds_maximum_tag_count") which can be used in a similar way.