Download drupal-7.40.tar.gztar.gz 3.11 MB
MD5: d4509f13c23999a76e61ec4d5ccfaf26
SHA-1: 056bdffcfe24159922ce4f09b6c3e0b3f6bf6e31
SHA-256: 8a9adf21d88026f2947c84a18922c40f5bbb8f5d89d08b1991b11006003fafce
Download drupal-7.40.zipzip 3.58 MB
MD5: ce9df1b954e3343775444abfd29f9c68
SHA-1: 2d767efac0578a5cb528c5eeb2f57b262732e13c
SHA-256: 965b2ee1297c7f7e4dc80df08ed231fe50ef1c8447dda99f67939a2922af453d

Release info

Created by: David_Rothstein
Created on: 14 Oct 2015 at 23:37 UTC
Last updated: 11 Jan 2016 at 21:46 UTC
Core compatibility: 7.x
Release type: Bug fixes, New features

Release notes

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); major, non-backwards-compatible new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

No changes have been made to the web.config or robots.txt files in this release, so upgrading custom versions of those files is not necessary.

There is one change to the .htaccess file in this release:

  1. A change to set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type (see #462950).

Upgrading custom versions of the .htaccess file to incorporate this change is strongly recommended.

There are two changes to the default settings.php file in this release:

  1. A change to exclude private files from the "404_fast_paths" behavior. This is useful primarily for sites which call drupal_fast_404() directly from settings.php (see #2455057).
  2. A documentation change to make it easier for development sites to enable the 'theme_debug' feature via settings.php (see #2538640).

Upgrading the settings.php files on existing sites is recommended but not required.

Known issues:

None.

Major changes since 7.39:

  • Added an optional 'project:' prefix that can be added to dependencies in a module's .info file to indicate which project the dependency resides in (API addition: https://www.drupal.org/node/2299747).
  • Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection (API change: https://www.drupal.org/node/2463973).
  • Changed the default thousand marker for numeric fields from a space ("1 000") to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
  • Made Drupal's code for parsing .info files run much faster and use much less memory.
  • Prevented drupal_http_request() from returning an error when it receives a 201 through 206 HTTP status code.
  • Added support for autoloading traits via the registry on sites running PHP 5.4 or higher.
  • Allowed the user-picture.tpl.php theme template to have HTML classes besides the default "user-picture" class printed in it (markup change).
  • Fixed the URL text filter to convert e-mail addresses with plus signs into mailto: links.
  • Added alternate text to file icons displayed by the File module, to improve accessibility (string change, and minor API addition to theme_file_icon()).
  • Changed one-time login link failure messages to be displayed as errors or warnings as appropriate, rather than as regular status messages (minor UI change and data structure change).
  • Changed the default settings.php configuration to exclude private files from the "404_fast_paths" behavior.
  • Changed the page that displays filter tips for a particular text format, for example filter/tips/full_html, to return "page not found" or "access denied" if the format does not exist or the user does not have access to it. This change adds a new menu item to the Filter module's hook_menu() entry (minor data structure change).
  • Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the cache keys used for caching a particular block.
  • Made drupal_set_message() display and return messages when "0" is passed in as the message to set.
  • Fixed non-functional "Files displayed by default" setting on file fields.
  • The "worker callback" provided in hook_cron_queue_info() and the "finished" callback specified during batch processing can now be any PHP callable instead of just functions.
  • Prevented drupal_set_time_limit() from decreasing the time limit in the case where the PHP maximum execution time is already unlimited.
  • Prevented malformed theme .info files (without a "name" key) from causing exceptions during menu rebuilds. If an .info file without a "name" key is found in a module or theme directory, Drupal will now use the module or theme's machine name as the display name instead.
  • Made the format column in the {date_format_locale} database table case-sensitive, to match the equivalent column in the {date_formats} table.
  • Fixed a bug in the Statistics module that caused JavaScript files attached to a node while it is being viewed to be omitted from the page.
  • Fixed various bugs that occurred after hooks were invoked early in the Drupal bootstrap and that caused module_implements() and drupal_alter() to cache an incomplete set of hook implementations for later use.
  • Set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type.
  • Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file.

All changes since 7.39:

  • #2579625 by laurencemercer: Typo in file_validate_image_resolution() doc
  • #1816008 by Kuldip Gohil, cam8001, jhodgdon, peterx: drupal_cron_run() @return parameter documentation incorrect, should specify that the function returns TRUE or FALSE
  • #2583743 by jcnventura: Correct required version of SQLite in INSTALL.txt
  • #911352 by Liam Morland, Sylvain Lecoy, Joe Murray, Crell: Document that foreign keys may not be used by all drivers
  • #2393569 by talhaparacha, vbouchet: document which of hook_entity_info() 'entity keys' get filled in and what the defaults are
  • #2115737 by darol100, owenpm3, rhuffstedtler, andythomnz, jemandy, ijf8090, zealfire, er.pushpinderrana, jhodgdon, corbacho, spitcher, abenamer, holingpoon, ay1n: Make the text in modules, themes, and profiles README.txt files more user-friendly
  • #2516842 by er.pushpinderrana, thejacer87, jhodgdon: UPGRADE.txt should explain where to find release notes
  • #2549879 by cbiggins, cilefen: Small grammatical error in bootstrap.inc
  • #1842528 by cferthorney, owenpm3, jhodgdon: description of hook_user_categories() is incorrect
  • #2550219 by Pravin Ajaaz, jhodgdon, Anybody: hook_user_cancel_methods_alter() should say 'access' rather than '#access'
  • #2538158 by joyceg: Clarify in which file hook_modules_installed should be implemented
  • #2140157 by rbp, jhodgdon, joachim: menu return constants not properly explained - MENU_NOT_FOUND, MENU_ACCESS_DENIED
  • #2512582 by dorficus, jhodgdon, joachim: theme_link() parameters missing detail
  • #2530872 by orbmantell, TravisCarden: Improve documentation of drupal_get_schema() and drupal_get_schema_unprocessed()
  • #2507911 by naveenvalecha, mikebell_, dylanf, deepakaryan1988, kfitz, jhodgdon, webchick, Charles Belov: Mention location of settings.php in UPGRADE.txt
  • #2510674 by er.pushpinderrana, joachim, cilefen: menu_get_item() should say that $path is optional and what the default is
  • #2499823 by dylanf, ryanissamson: Minor CHANGELOG.txt formatting
  • #2325055 by darol100, joshi.rohit100, jhodgdon, Bevan: hook_prepare() example is not useful
  • #2195183 by cleaver, zopa, elgordogrande, sandykadam, jhodgdon, joachim, Eda: document Batch API callbacks as callback implementations
  • #2488750 by lalweil: Typo in DatabaseConnection::query
  • #2480805 by JacobSanford, eiriksm, jhodgdon: The function doc block for image_style_deliver is missing a parameter
  • #2369675 by FMB, pstewart, jhodgdon: Document that SearchQuery does not support orderBy in queries outside of addScore
  • #2462681 by jessebeach, klausi, Manjit.Singh: Remove jessebeach from MAINTAINERS.txt
  • #2491333 by opdavies, Mac_Weber, jhodgdon: Update MAINTAINERS.txt to use human URLs
  • #2146643 by quicksketch: Speed up drupal_parse_info_format() 3x and reduce memory 95%
  • #2513646 by pwolanin, naveenvalecha, alexpott: Role name is unescaped on block admin via JS
  • #2350033 by murrayw, kenorb: drupal_http_request thinks 201 through 206 status codes are an error
  • #955658 by Refineo, dswier, steinmb, emorency, filijonka, yched, Bevan: Undefined index: module in FieldInfo::prepareInstanceDisplay()
  • #1576552 by jhedstrom, jcisio, markie: Prevent PHP notices in path_node_insert/update if $node->path is defined but $node->path['alias'] is not
  • #2581743 by carstenG: Missing space in block module
  • #2512210 by trgreen17, naveenvalecha, David_Rothstein, jhodgdon, liberatr: SimpleTest - WebTestBase method creates binary-text files when the intention was to create text files, and text file creation is broken
  • #2508055 by Dave Reid, David_Rothstein, hussainweb: Add support for autoloading Traits
  • #1592688 by jgtrescazes, tstoeckler, eric.chenchao, fietserwin, Heine, stefan.r, Dmitriy.trt, lachezar.valchev, bogdan khrupa: #states can cause the form "required" mark to appear more than once on the same element
  • #2313085 by tkuldeep17: Can't add class to user picture by template_preprocess_user_picture as class attribute has hard coded in user picture tpl file
  • #2392109 by jacob.embree, sumitmadan, ByronNorris, dcmul, ckaotik, jhedstrom: Filter: Allow plus sign in email addresses
  • #2163209 by mgifford, David_Rothstein, andrewmacpherson, talhaparacha, dcam, Charles Belov, davidhernandez, jwhitsit: Add alternate text to file icon
  • #2559335 by epophoto, cilefen, andrewmk: password-hash.sh is hardcoded to use "/usr/bin/php"
  • #2500717 by afi13, cilefen, evilfurryone: Sort entries in the site status report page alphabetically, BUT case-insensitively
  • #2538640 by rrrob, dawehner: Add theme_debug to default.settings.php
  • #2477641 by opdavies, markpavlitski, pguillard, sivaji@knackforge.com, kaypro4, gyuhyon, edutrul, yoroy: One-time login link failure messages are misleading because they are not marked as errors
  • #2455057 by michaellenahan, jhodgdon, jelo: Fix fast 404 settings for private image files
  • #1647440 by chrisrockwell, Dave Reid, greggles: Fix PHP notice if invalid format ID requested at filter/tips/format-id
  • #1534490 by msonnabaum, bigjim, David_Rothstein, pounard, Dave Reid: Make block cache cids alterable
  • #1845104 by dcam, longwave, thehong, er.pushpinderrana, martin_q, David_Rothstein: drupal_set_message('0') results in no output rather than outputting "0"
  • #2494403 by tonystar: $field_types is not initialized in drupal_schema_field_types()
  • #2060553 by jhodgdon, sivaji@knackforge.com, manningpete: Test that searching for HTML entities works as expected
  • #1520716 by lokapujya, djdevin, David Lesieur, cwells, jhedstrom: "Files displayed by default" not respected
  • #2254235 by AohRveTPV, mahtoranjeet, er.pushpinderrana, yogen.prasad, ashutoshsngh, Manjit.Singh, Charles Belov, nod_, droplet: Don't include leading and trailing spaces in password strength
  • #1719280 by GuyPaddock, Robin Millette: Undefined index warning in user_menu_link_alter() when manually adding a "user" path as a shortcut
  • #1514088 by DamienMcKenna: Minor comment formatting inconsistencies in cache.inc
  • #2486643 by AlexKirienko: Undefined index: nid in main() in statistics.php
  • #1737714 by legovaer, rlhawk: Help text does not display when editing an image effect
  • #890934 by sandipmkhairnar, reglogge: Garland uses $vars instead of $variables
  • #2342667 by claudiu.cristea, Dave Reid, ndobromirov: Cron and batch processing of queues are not accepting callables
  • #2483025 by joshi.rohit100, dcam: Remove 'has_body' and 'body_label' from drupalCreateContentType()
  • #2233929 by alexpott, Dave Reid, Berdir, YesCT: drupal_set_time_limit should not be able to change the time limit if it's already unlimited
  • #1275978 by pillarsdotnet, Zgear, cck, dcam: The thousand_separator for numeric fields should default to '' (nothing) instead of ' ' (space)
  • #619542 by dcrocks, bfroehle, catch, amontero, jayeshanandani, malcomio, JohnAlbin, olamaekle: Malformed theme .info files break menu_router generation
  • #2511306 by ElusiveMind, JeroenT, leolando.tan, cilefen, charginghawk: Error: Call to a member function getElementsByTagName() in filter.module when filter_dom_serialize() is passed an empty document.
  • #1973262 by cilefen, Matt V., David_Rothstein, Anybody, Rob230: User pages display incorrect title instead of "Menu link title" when link paths are added to a default menus
  • #2376239 by david_garcia, dobe: "format" field in table "date_format_locale" should be case sensitive
  • #2470525 by berenddeboer, osman: statistics_node_view overwrites #attached JavaScript
  • #2205271 by trobey, jhedstrom, hass, alexpott, chx, joachim, jhodgdon: Add an optional project namespace for dependencies
  • #2017433 by LinL, BarisW, coredumperror: The documentation for hook_ranking() is wrong
  • #496170 by stefan.r, chx, Fabianx, jbrauer, David_Rothstein, roderik, rwohleb, pounard, kenorb, Jose Reyero, joelpittet, catch: module_implements() cache can be polluted by module_invoke_all() being called (in)directly prior to full bootstrap completion
  • #2263365 by donquixote, smccabe, longwave, alexpott, joelpittet, Fabianx, mikeytown2, joseph.olstad, sun: Second loop in module_implements() was being repeated for no reason (performance improvement)
  • #462950 by pwolanin, Pere Orga: Mitigate the security risks that come from IE, Chrome and other browsers trying to sniff the mime type
  • #2364629 by gaurav.goyal, cilefen, dcam: After deletion of built-in administrator role the default admin role is not shown as disabled
  • #2388255 by dawehner, pwolanin, hussainweb, greggles: Limit PDO MySQL to executing single statements if PHP supports it
  • #1260938 by dawehner, David_Rothstein, flaviovs, Fabianx, pfrenssen, boran, jelo, neclimdul, scorchio, Berdir, vijaycs85: D6 to D7 update can fail on duplicate files in system update #7061
  • #2500101 by David_Rothstein: sites/all/modules/README.txt should not imply that clearing caches always works after moving a module to a new subdirectory
  • #667058 followup by TwoD: Fix "JavaScript" typo in sites/all/libraries/README.txt.
  • #2425325 by cleaver, JacobSanford: Batch API example code has wrong finished callback