diff --git a/core/CHANGELOG.txt b/core/CHANGELOG.txt index 8600cea..a3e3ebd 100644 --- a/core/CHANGELOG.txt +++ b/core/CHANGELOG.txt @@ -176,11 +176,6 @@ Drupal 8.0.0, 2015-11-19 - Removed XML-RPC functionality from core. - Removed user signatures support from core. - Added ability to generate and validate Universally Unique IDentifiers (UUIDs). -- Tremendously improved language support all around: -- Removed backwards-compatibility with 'magic_quotes_gpc'/'magic_quotes_runtime' - PHP configuration settings. Both are required to be disabled. -- Universally Unique IDentifier (UUID): - * Support for generating and validating UUIDs. - JavaScript changes: * Updated to jQuery 2.1.4. * Added jQuery Cookie 1.4.1, A simple, lightweight utility plugin for diff --git a/core/CHANGELOG.txt.orig b/core/CHANGELOG.txt.orig deleted file mode 100644 index 64ad167..0000000 --- a/core/CHANGELOG.txt.orig +++ /dev/null @@ -1,1363 +0,0 @@ -Drupal 8.1.3, 2016-06-15 ------------------------- -- Fixed security issue. SA-CORE-2016-002. - -Drupal 8.1.0, 2016-04-20 ------------------------- -- Removed Composer-managed vendor from the git repository: - * Drupal.org packager adds dependencies to zip and tar package. This can be - used without any further steps. - * When not using zip / tar files, e.g. when using a git clone, run composer - install to get dependencies. - * See https://www.drupal.org/documentation/install/download#git - for instructions. -- Added vendor libraries: - * Added Symfony Polyfill Iconv 1.1.0. - * Added paragonie/random_compat 1.4.1. -- Updated vendor libraries: - * Updated to the last 2.x minor version of Symfony: 2.8 (2.8.4). - * Updated to CKEditor 4.5.8. - * Updated to Modernizr 3.3.1. -- Added modules: - * Added the Migrate Drupal UI module (experimental) to provide a UI for - migrating content and configuration from Drupal 6 and Drupal 7. - * Added the BigPipe module (experimental) to improve perceived performance. -- Improved authoring features: - * Enabled browsers' (native) spell checker in CKEditor. - * Added language toolbar button in CKEditor for identifying the language of - text parts. -- Improved site administration experience: - * Improved admin/help page to be more flexible and list tours on it. -- Improved site building features: - * Added a "Rendered entity" field handler in Views. -- Improved distribution building features: - * Added support for distributions to specify an installation language. -- Improved developer APIs: - * Added local ID and revision fields to HAL web service output. - * Added support for image toolkits to be defined with plugin derivatives, - reducing the code needed to extend them. - * Simplified Migrate API by replacing migration configuration entities with - migration plugins. - * Various improvements for defining entity types: - * Added support for entity types to specify translatable plural labels. - * Added a revision log interface and trait for revisionable entity types. - * Added key field definitions to ContentEntityBase, reducing code from - child classes. - * Added generic route providers for add-page and add-form entity routes, - reducing the code needed to define an entity type. -- Testing improvements: - * Added support for automated JavaScript testing. - * Added verbose output for BrowserTestBase. - * Improved reporting of PHPUnit results. - -Drupal 8.0.0, 2015-11-19 ------------------------- -- Significantly improved the front end: - * Made all built-in themes responsive. - * Added support for responsive images. - * Made built-in tables responsive with three levels of column importance. - * Added Twig as the default template engine and converted all .tpl.php - templates and theme functions to .html.twig. - * Removed the PHPTemplate engine. - * Several large scale cleanups of the markup produced by Drupal. - * Added Classy as a base theme to maintain CSS classes and wrappers. - * Added Stable as the default base theme to maintain backwards compatibility - for core template and CSS changes, because templates and CSS outside - Stable can be improved in minor releases (8.1.0, 8.2.0, etc.). - * Redesigned several key elements of the Seven theme. - * Added support for HTML5 elements. - * Included Backbone.js and Underscore.js JavaScript frameworks. - * Updated to jQuery 2.1.4. - * Updated to jQuery UI 1.11.4. - * Removed jquery.bbq. - * Removed the Garland theme from core. - * Removed the Overlay module from core and replaced it with a simple, - dynamic "Back to site" link. - * Improved the asset library system to manage CSS and JavaScript files and - their dependencies. Allowing for smaller AJAX request payloads. - * jQuery is no longer loaded on all pages, only when another asset needs it. - * No JavaScript is loaded at all for anonymous users by default, for faster - page loads. - * Implemented SMACSS-style categorization for CSS files. - * Removed most support for Internet Explorer 8 and below. - * Added Modernizr for making styling changes based on browser support. - * All page template variables converted to blocks (title, breadcrumb, - branding, etc). - * Added the Breakpoint module to manage breakpoints of responsive designs. - * Introduced native Schema.org output in pages. - * Made use of semantic HTML 5 tags when possible. This also makes form input - on mobile devices much easier for users. - * Redesigned icons to look good on high resolution (retina) displays too. -- Made the site administration experience simpler: - * Redesigned the installer. - * Visually updated and extended the Seven (administration) theme. - * Made the administration toolbar responsive and touch friendly. - * Added search to the module listing and made the page easier to read. - * Added the tour module to provide highly contextual tips for UI elements. -- Improved the entity system: - * Added a full CRUD API for entities. - * Improved the field API and entity query API. - * Added support for widgets, formatters, and translation to base entity - fields (such as labels). - * Made view modes configurable for reusable display variants. - * Introduced form modes for reusable form variants. - * Added ability to handle a "default" revision that may not be the latest. - * All content entity types (custom blocks, terms, comments, etc.), not just - nodes, have support for revisions. - * Database schema of content entities is automatically generated based on - entity type and field definitions. -- Added the Typed Data system to manage complex types. -- Refactored routing system based on Symfony2 components. -- Made declarative information (libraries, permissions, routes etc.) use YAML - files for definitions instead of PHP. -- Improved the menu handling systems: - * Moved custom menu item handling to its own module. - * Reworked menu links, local actions, and local tasks based upon the new - routing system. -- Added plugin system to standardize implementation of several core APIs. -- Introduced a new configuration management system: - * Added a centralized configuration system with export and import - functionality. - * Allowed module authors to provide configuration in a YAML file format. - * Implemented functionality to get, set, add, and remove configuration. - * Provided the ability to override configuration values with language - variants and other runtime values. - * Added configuration schema, dependencies, and validation to maintain - data integrity between deployments and updates. - * Support added for both global configuration and configuration entities. -- Improved authoring experience: - * Redesigned the content creation and editing form. - * Content preview is now displayed on the frontend. - * Added the CKEditor WYSIWYG editor. Clean markup guaranteed thanks to tight - integration with the filter system. - * Made uploading, aligning, and captioning of images possible in the editor. - * Modernized the default text formats. - * Added a drag-and-drop configuration UI, which automatically updates the - HTML filter settings, making configuring text formats trivial for typical - use cases. - * Added align and caption filters that can be applied to any element: - images, blockquotes, code snippets, videos… - * Made possible to in-place edit any entity: nodes, blocks… - * Added the Text Editor module to help map other editors to text formats. -- Improved media management: - * Added ability to configure when unused files get deleted with the option - to keep them, useful for media libraries. - * Added a customizable view under the content administration screen that - lists all files uploaded on the system. - * Made uploads immediate when selecting files in file fields. - * Added ability to upload multiple files at once. - * Added local image input filter, to enable secure image posting. -- Included the following Symfony2 components: - * ClassLoader - PSR-0-compatible autoload routines. - * DependencyInjection - Flexible dependency injection container. - * EventDispatcher - Object-oriented lightweight event handling system. - * HttpFoundation - Abstraction objects for HTTP requests and responses. - * HttpKernel - Core system for managing incoming HTTP request and responses. - * Process - Allows for executing commands in a sub-process. - * Routing - Framework for mapping incoming requests to controller - information. - * Serialization - Serialize complex nested objects into JSON/XML etc. - * Validator - Ensure that an object is in a valid state based upon some - validation rules defined for it. - * Yaml - Parser for YAML files. -- Added routing component from Symfony CMF. -- Added Guzzle HTTP library. -- Added Zend Feed component. -- Removed modules from core. - * The following modules have been removed from core, because contributed - modules with similar functionality are available: - * Blog - * Dashboard - * OpenID - * Poll - * Profile - * Trigger -- Removed the Statistics module's accesslog functionality and reports. -- Removed XML-RPC functionality from core. -- Removed user signatures support from core. -- Added ability to generate and validate Universally Unique IDentifiers (UUIDs). -- Tremendously improved language support all around: - * Great language improvements for users: - * Improved language selection with user preference detection in the - installer based on browser settings. - * The installer is presented in the user's native language. - * Moved base language support to Language module. - * Greatly simplified the interface for setting up languages. - * Improved browser language detection considerably. - * Language domain and path prefix configuration simplified and - centralized; path prefix detection is now default. - * Added HTML 5 language markup; language information added in markup in - several more places. - * Made it possible to assign external language codes to local languages. - * Introduced the possibility of an administration-specific language - preference for users. - * Language selection fallback language is now independently configurable - without needing to change the site default language. - * Simplified and added new features in interface translation: - * Made interface translation directly accessible from the language list. - * Centralized interface translation import to one directory. - * Drupal can now be translated to English and English can be deleted. - * Much improved built-in translation interface. - * Added support for singular/plural discovery and translation. - * Customized translations are tracked so your modifications can - be identified and protected from translation update overwrites. - * All Gettext files are now imported in chunks, better for low resource - environments. - * Automated import and update of translations in the installer and later. - * Improved content language support: - * Made it possible to assign language to taxonomy terms, vocabularies, - menu items, and files. - * Added a field translation based content translation module that applies - to all content entities. - * Removed the old node-copy based content translation module. - * Introduced language defaults configuration for each entity type and - subtype. - * Added entity language variance support to search module. - * Search indexing and query preprocessors now get language information. - * Unified content translation permission granularity with content editing - permissions. - * Made the language selector freely orderable in entity forms. - * Better configuration language support - * Added language selectors to most configuration options (views, menus, - etc.) - * Added a configuration translation user interface that works with any - configuration with translatable values (blocks, views, fields, etc.). - * Added language options to block visibility. - * Much improved language APIs for developers: - * Made it possible for users to have a preferred language separate from - their user entity language. - * The text formatter from t() is now available as FormattableMarkup. - * Added support for interface translation contexts in Drupal.t(), - Drupal.formatPlural() as well as routing, tabs, actions, shipped - menu items and contextual links. - * Removed textgroups support from interface translation in favor of - native configuration language support. - * Added a transliteration API. (Only used for machine names in core.) - * Added a language fallback capability to the interface translation API. -- New field types added to core: - * Email - * Link - * Telephone number - * Entity reference - * Date -- Made commenting more flexible: - * Added the notion of comment types (for reviews, greetings, and so on), - each of which can be configured with a different set of fields. - * Made commenting a field to allow comment threads on entity types other - than nodes. -- Added Views and Views UI module to core: - * Added simple bulk operations functionality to Views. - * Converted various core listings to views, including /node, - /admin/content/node, /admin/people, and several blocks. - * Built in REST API support. - * Rewrote caching integration for better performance. - * Made it possible to configure responsive tables in Views. -- Greatly improved block management: - * Made custom blocks fieldable, revisionable, and translatable entities. - * Added the notion of custom block types. - * Added the ability to place the same block in multiple locations. - * Introduced a block library with categorized blocks. -- Introduced an accessible modal API based on improvements made in collaboration - with the jQuery UI team. -- Made it possible to add fields to contact forms allowing site-builders to - easily build custom forms for soliciting feedback from users. -- Added a Web Services module package. - * Added a RESTful web services provider module. - * Added a serialization module using the Symfony serialization component. - * Added a Hypertext Application Language (HAL) serialization module. - * Added a HTTP Basic authentication provider module. -- Improved performance/scalability significantly: - * Introduced cache tags, which allow content to be invalidated accurately - and instantly, including for reverse proxies and CDNs. - * Added cache contexts, which allow content to be cached correctly, and - placeholdered to improve cache hit rates. - * Implemented cacheability bubbling, which allows strict tracking of assets - and cacheability throughout page rendering. - * Factored out page caching to its own module and enabled it by default. - * Added the Dynamic Page Cache module for authenticated page caching and - enabled it by default. - * Added APCu, memory, and PHP file caching backends to core, alongside - support for a chained, consistent cache backend to support correctly using - fast local cache implementations with multiple web servers. -- Removed support for MyISAM, when using MySQL. -- Testing improvements - * Added PHPUnit for proper unit testing, see - https://phpunit.de/manual/4.8/en/index.html so you can run tests via - your IDE. - * Added BrowserTestBase as an alternative to simpletest for browser - testing (JavaScript support to be included in the future) - * Added KernelTestBase to provide a fast API testing of integration of - different components - * Core branch nightly tests include PHP 5.5, 5.6, 7, sqlite and PostgreSQL. -- Added the migrate module (experimental) with support for migrating content and - configuration from earlier Drupal versions. -- Introduced support for Composer. -- Moved the automated cron execution functionality to its own module. -- Refactored IP address based banning functionality to its own module. -- Security improvements: - * Removed PHP filter, including the ability to use PHP for block visibility. - * Managing fields for each entity type is now a separate permission. - * PDO drivers other than MySQL are now limited to executing single - statements to limit SQL injection vectors. - * Added an autoescape API to prevent cross-site scripting in many of the - places where Drupal outputs HTML. - * Hardened user session and session ID handling. - * Automated CSRF protection in route definitions. - * Clickjacking protection enabled by default. - * Made the core JavaScript API compatible with Content Security Policy - (CSP). - * Trusted host patterns enforced for requests preventing cache and link - poisoning. -- Switched to semantic versioning with significant updates planned every 6 - months in 8.1, 8.2, etc. -- Numerous other important changes and additions. See - https://www.drupal.org/list-changes/drupal for a detailed list. -- Numerous bug fixes. -- Numerous API documentation improvements. -- Additional automated test coverage. - -Drupal 7.0, 2011-01-05 ----------------------- -- Database: - * Fully rewritten database layer using PHP 5's PDO abstraction layer. - * Drupal now requires MySQL >= 5.0.15 or PostgreSQL >= 8.3. - * Added query builders for INSERT, UPDATE, DELETE, MERGE, and SELECT queries. - * Support for primary/replica replication, transactions, multi-insert - queries, and other features. - * Added support for the SQLite database engine. - * Default to InnoDB engine, rather than MyISAM, on MySQL when available. - This offers increased scalability and data integrity. -- Security: - * Protected cron.php -- cron will only run if the proper key is provided. - * Implemented a pluggable password system and much stronger password hashes - that are compatible with the Portable PHP password hashing framework. - * Rate limited login attempts to prevent brute-force password guessing, and - improved the flood control API to allow variable time windows and - identifiers for limiting user access to resources. - * Transformed the "Update status" module into the "Update manager" which - can securely install or update modules and themes via a web interface. -- Usability: - * Added contextual links (a.k.a. local tasks) to page elements, such as - blocks, nodes, or comments, which allows to perform the most common tasks - with a single click only. - * Improved installer requirements check. - * Improved support for integration of WYSIWYG editors. - * Implemented drag-and-drop positioning for input format listings. - * Implemented drag-and-drop positioning for language listing. - * Implemented drag-and-drop positioning for poll options. - * Provided descriptions and human-readable names for user permissions. - * Removed comment controls for users. - * Removed display order settings for comment module. Comment display - order can now be customized using the Views module. - * Removed the 'related terms' feature from taxonomy module since this can - now be achieved with Field API. - * Added additional features to the default installation profile, and - implemented a "slimmed down" profile designed for developers. - * Added a built-in, automated cron run feature, which is triggered by site - visitors. - * Added an administrator role which is assigned all permissions for - installed modules automatically. - * Image toolkits are now provided by modules (rather than requiring a - manual file copy to the includes directory). - * Added an edit tab to taxonomy term pages. - * Redesigned password strength validator. - * Redesigned the add content type screen. - * Highlight duplicate URL aliases. - * Renamed "input formats" to "text formats". - * Moved text format permissions to the main permissions page. - * Added configurable ability for users to cancel their own accounts. - * Added "vertical tabs", a reusable interface component that features - automatic summaries and increases usability. - * Replaced fieldsets on node edit and add pages with vertical tabs. -- Performance: - * Improved performance on uncached page views by loading multiple core - objects in a single database query. - * Improved performance for logged-in users by reducing queries for path - alias lookups. - * Improved support for HTTP proxies (including reverse proxies), allowing - anonymous page views to be served entirely from the proxy. -- Documentation: - * Hook API documentation now included in Drupal core. -- News aggregator: - * Added OPML import functionality for RSS feeds. - * Optionally, RSS feeds may be configured to not automatically generate feed blocks. -- Search: - * Added support for language-aware searches. -- Aggregator: - * Introduced architecture that allows pluggable parsers and processors for - syndicating RSS and Atom feeds. - * Added options to suspend updating specific feeds and never discard feeds - items. -- Testing: - * Added test framework and tests. -- Improved time zone support: - * Drupal now uses PHP's time zone database when rendering dates in local - time. Site-wide and user-configured time zone offsets have been converted - to time zone names; for example, Africa/Abidjan. - * In some cases the upgrade and install scripts do not choose the preferred - site default time zone. The automatically-selected time zone can be - corrected at admin/config/regional/settings. - * If your site is being upgraded from Drupal 6 and you do not have the - contributed date or event modules installed, user time zone settings will - fallback to the system time zone and will have to be reconfigured by each user. - * User-configured time zones now serve as the default time zone for PHP - date/time functions. -- Filter system: - * Revamped the filter API and text format storage. - * Added support for default text formats to be assigned on a per-role basis. - * Refactored the HTML corrector to take advantage of PHP 5 features. -- User system: - * Added clean API functions for creating, loading, updating, and deleting - user roles and permissions. - * Refactored the "access rules" component of user module: The user module - now provides a simple interface for blocking single IP addresses. The - previous functionality in the user module for restricting certain email - addresses and usernames is now available as a contributed module. Further, - IP address range blocking is no longer supported and should be implemented - at the operating system level. - * Removed per-user themes: Contributed modules with similar functionality - are available. -- OpenID: - * Added support for Gmail and Google Apps for Domain identifiers. Users can - now log in with their user@example.com identifier when example.com is - powered by Google. - * Made the OpenID module more pluggable. -- Added code registry: - * Using the registry, modules declare their includable files via their .info file, - allowing Drupal to lazy-load classes and interfaces as needed. -- Theme system: - * Removed the Bluemarine, Chameleon and Pushbutton themes. These themes live - on as contributed themes (https://www.drupal.org/project/bluemarine, - https://www.drupal.org/project/chameleon and - https://www.drupal.org/project/pushbutton). - * Added Stark theme to make analyzing Drupal's default HTML and CSS easier. - * Added Seven as the default administration theme. - * Variable preprocessing of theme hooks prior to template rendering now goes - through two phases: a 'preprocess' phase and a new 'process' phase. See - http://api.drupal.org/api/function/theme/7 for details. - * Theme hooks implemented as functions (rather than as templates) can now - also have preprocess (and process) functions. See - http://api.drupal.org/api/function/theme/7 for details. - * Added Bartik as the default theme. -- File handling: - * Files are now first class Drupal objects with file_load(), file_save(), - and file_validate() functions and corresponding hooks. - * The file_move(), file_copy() and file_delete() functions now operate on - file objects and invoke file hooks so that modules are notified and can - respond to changes. - * For the occasions when only basic file manipulation are needed--such as - uploading a site logo--that don't require the overhead of databases and - hooks, the current unmanaged copy, move and delete operations have been - preserved but renamed to file_unmanaged_*(). - * Rewrote file handling to use PHP stream wrappers to enable support for - both public and private files and to support pluggable storage mechanisms - and access to remote resources (for example, S3 storage or Flickr photos). - * The mime_extension_mapping variable has been removed. Modules that need to - alter the default MIME type extension mappings should implement - hook_file_mimetype_mapping_alter(). - * Added the hook_file_url_alter() hook, which makes it possible to serve - files from a CDN. - * Added a field specifically for uploading files, previously provided by - the contributed module FileField. -- Image handling: - * Improved image handling, including better support for add-on image - libraries. - * Added API and interface for creating advanced image thumbnails. - * Inclusion of additional effects such as rotate and desaturate. - * Added a field specifically for uploading images, previously provided by - the contributed module ImageField. -- Added aliased multi-site support: - * Added support for mapping domain names to sites directories. -- Added RDF support: - * Modules can declare RDF namespaces which are serialized in the tag - for RDFa support. - * Modules can specify how their data structure maps to RDF. - * Added support for RDFa export of nodes, comments, terms, users, etc. and - their fields. -- Search engine optimization and web linking: - * Added a rel="canonical" link on node and comment pages to prevent - duplicate content indexing by search engines. - * Added a default rel="shortlink" link on node and comment pages that - advertises a short link as an alternative URL to third-party services. - * Meta information is now alterable by all modules before rendering. -- Field API: - * Custom data fields may be attached to nodes, users, comments and taxonomy - terms. - * Node bodies and teasers are now Field API fields instead of - being a hard-coded property of node objects. - * In addition, any other object type may register with Field API - and allow custom data fields to be attached to itself. - * Provides most of the features of the former Content Construction - Kit (CCK) module. - * Taxonomy terms are now Field API fields that can be added to any fieldable - object. -- Installer: - * Refactored the installer into an API that allows Drupal to be installed - via a command line script. -- Page organization - * Made the help text area a full featured region with blocks. - * Site mission is replaced with the highlighted content block region and - separate RSS feed description settings. - * The footer message setting was removed in favor of custom blocks. - * Made the main page content a block which can be moved and ordered - with other blocks in the same region. - * Blocks can now return structured arrays for later rendering just - like page callbacks. -- Translation system - * The translation system now supports message context (msgctxt). - * Added support for translatable fields to Field API. -- JavaScript changes - * Upgraded the core JavaScript library to jQuery version 1.4.4. - * Upgraded the jQuery Forms library to 2.52. - * Added jQuery UI 1.8.7, which allows improvements to Drupal's user - experience. -- Better module version support - * Modules now can specify which version of another module they depend on. -- Removed modules from core - * The following modules have been removed from core, because contributed - modules with similar functionality are available: - * Blog API module - * Ping module - * Throttle module -- Improved node access control system. - * All modules may now influence the access to a node at runtime, not just - the module that defined a node. - * Users may now be allowed to bypass node access restrictions without giving - them complete access to the site. - * Access control affects both published and unpublished nodes. - * Numerous other improvements to the node access system. -- Actions system - * Simplified definitions of actions and triggers. - * Removed dependency on the combination of hooks and operations. Triggers - now directly map to module hooks. -- Task handling - * Added a queue API to process many or long-running tasks. - * Added queue API support to cron API. - * Added a locking framework to coordinate long-running operations across - requests. - -Drupal 6.0, 2008-02-13 ----------------------- -- New, faster and better menu system. -- New watchdog as a hook functionality. - * New hook_watchdog that can be implemented by any module to route log - messages to various destinations. - * Expands the severity levels from 3 (Error, Warning, Notice) to the 8 - levels defined in RFC 3164. - * The watchdog module is now called dblog, and is optional, but enabled by - default in the default installation profile. - * Extended the database log module so log messages can be filtered. - * Added syslog module: useful for monitoring large Drupal installations. -- Added optional email notifications when users are approved, blocked, or - deleted. -- Drupal works with error reporting set to E_ALL. -- Added scripts/drupal.sh to execute Drupal code from the command line. Useful - to use Drupal as a framework to build command-line tools. -- Made signature support optional and made it possible to theme signatures. -- Made it possible to filter the URL aliases on the URL alias administration - screen. -- Language system improvements: - * Support for right to left languages. - * Language detection based on parts of the URL. - * Browser based language detection. - * Made it possible to specify a node's language. - * Support for translating posts on the site to different languages. - * Language dependent path aliases. - * Automatically import translations when adding a new language. - * JavaScript interface translation. - * Automatically import a module's translation upon enabling that module. -- Moved "PHP input filter" to a standalone module so it can be deleted for - security reasons. -- Usability: - * Improved handling of teasers in posts. - * Added sticky table headers. - * Check for clean URL support automatically with JavaScript. - * Removed default/settings.php. Instead the installer will create it from - default.settings.php. - * Made it possible to configure your own date formats. - * Remember anonymous comment posters. - * Only allow modules and themes to be enabled that have explicitly been - ported to the correct core API version. - * Can now specify the minimum PHP version required for a module within the - .info file. - * Drupal core no longer requires CREATE TEMPORARY TABLES or LOCK TABLES - database rights. - * Dynamically check password strength and confirmation. - * Refactored poll administration. - * Implemented drag-and-drop positioning for blocks, menu items, taxonomy - vocabularies and terms, forums, profile fields, and input format filters. -- Theme system: - * Added .info files to themes and made it easier to specify regions and - features. - * Added theme registry: modules can directly provide .tpl.php files for - their themes without having to create theme_ functions. - * Used the Garland theme for the installation and maintenance pages. - * Added theme preprocess functions for themes that are templates. - * Added support for themeable functions in JavaScript. -- Refactored update.php to a generic batch API to be able to run time-consuming - operations in multiple subsequent HTTP requests. -- Installer: - * Themed the installer with the Garland theme. - * Added form to provide initial site information during installation. - * Added ability to provide extra installation steps programmatically. - * Made it possible to import interface translations during installation. -- Added the HTML corrector filter: - * Fixes faulty and chopped off HTML in postings. - * Tags are now automatically closed at the end of the teaser. -- Performance: - * Made it easier to conditionally load .include files and split up many core - modules. - * Added a JavaScript aggregator. - * Added block-level caching, improving performance for both authenticated - and anonymous users. - * Made Drupal work correctly when running behind a reverse proxy like - Squid or Pound. -- File handling improvements: - * Entries in the files table are now keyed to a user instead of a node. - * Added reusable validation functions to check for uploaded file sizes, - extensions, and image resolution. - * Added ability to create and remove temporary files during a cron job. -- Forum improvements: - * Any node type may now be posted in a forum. -- Taxonomy improvements: - * Descriptions for terms are now shown on taxonomy/term pages as well - as RSS feeds. - * Added versioning support to categories by associating them with node - revisions. -- Added support for OpenID. -- Added support for triggering configurable actions. -- Added the Update status module to automatically check for available updates - and warn sites if they are missing security updates or newer versions. - Sites deploying from CVS should use https://www.drupal.org/project/cvs_deploy. - Advanced settings provided by https://www.drupal.org/project/update_advanced. -- Upgraded the core JavaScript library to jQuery version 1.2.3. -- Added a new Schema API, which provides built-in support for core and - contributed modules to work with databases other than MySQL. -- Removed drupal.module. The functionality lives on as the Site network - contributed module (https://www.drupal.org/project/site_network). -- Removed old system updates. Updates from Drupal versions prior to 5.x will - require upgrading to 5.x before upgrading to 6.x. - -Drupal 5.7, 2008-01-28 ----------------------- -- fixed the input format configuration page. -- fixed a variety of small bugs. - -Drupal 5.6, 2008-01-10 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (Cross site request forgery), see SA-2008-005 -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007 - -Drupal 5.5, 2007-12-06 ----------------------- -- fixed missing missing brackets in a query in the user module. -- fixed taxonomy feed bug introduced by SA-2007-031 - -Drupal 5.4, 2007-12-05 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (SQL injection), see SA-2007-031 - -Drupal 5.3, 2007-10-17 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (HTTP response splitting), see SA-2007-024 -- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025 -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026 -- fixed a security issue (User deletion cross site request forgery), see SA-2007-029 -- fixed a security issue (API handling of unpublished comment), see SA-2007-030 - -Drupal 5.2, 2007-07-26 ----------------------- -- changed hook_link() $teaser argument to match documentation. -- fixed a variety of small bugs. -- fixed a security issue (cross-site request forgery), see SA-2007-017 -- fixed a security issue (cross-site scripting), see SA-2007-018 - -Drupal 5.1, 2007-01-29 ----------------------- -- fixed security issue (code execution), see SA-2007-005 -- fixed a variety of small bugs. - -Drupal 5.0, 2007-01-15 ----------------------- -- Completely retooled the administration page - * /Admin now contains an administration page which may be themed - * Reorganised administration menu items by task and by module - * Added a status report page with detailed PHP/MySQL/Drupal information -- Added web-based installer which can: - * Check installation and run-time requirements - * Automatically generate the database configuration file - * Install pre-made installation profiles or distributions - * Import the database structure with automatic table prefixing - * Be localized -- Added new default Garland theme -- Added color module to change some themes' color schemes -- Included the jQuery JavaScript library 1.0.4 and converted all core JavaScript to use it -- Introduced the ability to alter mail sent from system -- Module system: - * Added .info files for module meta-data - * Added support for module dependencies - * Improved module installation screen - * Moved core modules to their own directories - * Added support for module uninstalling -- Added support for different cache backends -- Added support for a generic "sites/all" directory. -- Usability: - * Added support for auto-complete forms (AJAX) to user profiles. - * Made it possible to instantly assign roles to newly created user accounts. - * Improved configurability of the contact forms. - * Reorganized the settings pages. - * Made it easy to investigate popular search terms. - * Added a 'select all' checkbox and a range select feature to administration tables. - * Simplified the 'break' tag to split teasers from body. - * Use proper capitalization for titles, menu items and operations. -- Integrated urlfilter.module into filter.module -- Block system: - * Extended the block visibility settings with a role specific setting. - * Made it possible to customize all block titles. -- Poll module: - * Optionally allow people to inspect all votes. - * Optionally allow people to cancel their vote. -- Distributed authentication: - * Added default server option. -- Added default robots.txt to control crawlers. -- Database API: - * Added db_table_exists(). -- Blogapi module: - * 'Blogapi new' and 'blogapi edit' nodeapi operations. -- User module: - * Added hook_profile_alter(). - * Email verification is made optional. - * Added mass editing and filtering on admin/user/user. -- PHP Template engine: - * Add the ability to look for a series of suggested templates. - * Look for page templates based upon the path. - * Look for block templates based upon the region, module, and delta. -- Content system: - * Made it easier for node access modules to work well with each other. - * Added configurable content types. - * Changed node rendering to work with structured arrays. -- Performance: - * Improved session handling: reduces database overhead. - * Improved access checking: reduces database overhead. - * Made it possible to do memcached based session management. - * Omit sidebars when serving a '404 - Page not found': saves CPU cycles and bandwidth. - * Added an 'aggressive' caching policy. - * Added a CSS aggregator and compressor (up to 40% faster page loads). -- Removed the archive module. -- Upgrade system: - * Created space for update branches. -- Form API: - * Made it possible to programmatically submit forms. - * Improved api for multistep forms. -- Theme system: - * Split up and removed drupal.css. - * Added nested lists generation. - * Added a self-clearing block class. - -Drupal 4.7.11, 2008-01-10 -------------------------- -- fixed a security issue (Cross site request forgery), see SA-2008-005 -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007 - -Drupal 4.7.10, 2007-12-06 -------------------------- -- fixed taxonomy feed bug introduced by SA-2007-031 - -Drupal 4.7.9, 2007-12-05 ------------------------- -- fixed a security issue (SQL injection), see SA-2007-031 - -Drupal 4.7.8, 2007-10-17 ------------------------- -- fixed a security issue (HTTP response splitting), see SA-2007-024 -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026 -- fixed a security issue (API handling of unpublished comment), see SA-2007-030 - -Drupal 4.7.7, 2007-07-26 ------------------------- -- fixed security issue (XSS), see SA-2007-018 - -Drupal 4.7.6, 2007-01-29 ------------------------- -- fixed security issue (code execution), see SA-2007-005 - -Drupal 4.7.5, 2007-01-05 ------------------------- -- Fixed security issue (XSS), see SA-2007-001 -- Fixed security issue (DoS), see SA-2007-002 - -Drupal 4.7.4, 2006-10-18 ------------------------- -- Fixed security issue (XSS), see SA-2006-024 -- Fixed security issue (CSRF), see SA-2006-025 -- Fixed security issue (Form action attribute injection), see SA-2006-026 - -Drupal 4.7.3, 2006-08-02 ------------------------- -- Fixed security issue (XSS), see SA-2006-011 - -Drupal 4.7.2, 2006-06-01 ------------------------- -- Fixed critical upload issue, see SA-2006-007 -- Fixed taxonomy XSS issue, see SA-2006-008 -- Fixed a variety of small bugs. - -Drupal 4.7.1, 2006-05-24 ------------------------- -- Fixed critical SQL issue, see SA-2006-005 -- Fixed a serious upgrade related bug. -- Fixed a variety of small bugs. - -Drupal 4.7.0, 2006-05-01 ------------------------- -- Added free tagging support. -- Added a site-wide contact form. -- Theme system: - * Added the PHPTemplate theme engine and removed the Xtemplate engine. - * Converted the bluemarine theme from XTemplate to PHPTemplate. - * Converted the pushbutton theme from XTemplate to PHPTemplate. -- Usability: - * Reworked the 'request new password' functionality. - * Reworked the node and comment edit forms. - * Made it easy to add nodes to the navigation menu. - * Added site 'offline for maintenance' feature. - * Added support for auto-complete forms (AJAX). - * Added support for collapsible page sections (JS). - * Added support for resizable text fields (JS). - * Improved file upload functionality (AJAX). - * Reorganized some settings pages. - * Added friendly database error screens. - * Improved styling of update.php. -- Refactored the forms API. - * Made it possible to alter, extend or theme forms. -- Comment system: - * Added support for "mass comment operations" to ease repetitive tasks. - * Comment moderation has been removed. -- Node system: - * Reworked the revision functionality. - * Removed the bookmarklet code. Third-party modules can now handle - This. -- Upgrade system: - * Allows contributed modules to plug into the upgrade system. -- Profiles: - * Added a block to display author information along with posts. - * Added support for private profile fields. -- Statistics module: - * Added the ability to track page generation times. - * Made it possible to block certain IPs/hostnames. -- Block system: - * Added support for theme-specific block regions. -- Syndication: - * Made the aggregator module parse Atom feeds. - * Made the aggregator generate RSS feeds. - * Added RSS feed settings. -- XML-RPC: - * Replaced the XML-RPC library by a better one. -- Performance: - * Added 'loose caching' option for high-traffic sites. - * Improved performance of path aliasing. - * Added the ability to track page generation times. -- Internationalization: - * Improved Unicode string handling API. - * Added support for PHP's multibyte string module. -- Added support for PHP5's 'mysqli' extension. -- Search module: - * Made indexer smarter and more robust. - * Added advanced search operators (phrase, node type, etc.). - * Added customizable result ranking. -- PostgreSQL support: - * Removed dependency on PL/pgSQL procedural language. -- Menu system: - * Added support for external URLs. -- Queue module: - * Removed from core. -- HTTP handling: - * Added support for a tolerant Base URL. - * Output URIs relative to the root, without a base tag. - -Drupal 4.6.11, 2007-01-05 -------------------------- -- Fixed security issue (XSS), see SA-2007-001 -- Fixed security issue (DoS), see SA-2007-002 - -Drupal 4.6.10, 2006-10-18 -------------------------- -- Fixed security issue (XSS), see SA-2006-024 -- Fixed security issue (CSRF), see SA-2006-025 -- Fixed security issue (Form action attribute injection), see SA-2006-026 - -Drupal 4.6.9, 2006-08-02 ------------------------- -- Fixed security issue (XSS), see SA-2006-011 - -Drupal 4.6.8, 2006-06-01 ------------------------- -- Fixed critical upload issue, see SA-2006-007 -- Fixed taxonomy XSS issue, see SA-2006-008 - -Drupal 4.6.7, 2006-05-24 ------------------------- -- Fixed critical SQL issue, see SA-2006-005 - -Drupal 4.6.6, 2006-03-13 ------------------------- -- Fixed bugs, including 4 security vulnerabilities. - -Drupal 4.6.5, 2005-12-12 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.6.4, 2005-11-30 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.6.3, 2005-08-15 ------------------------- -- Fixed bugs, including a critical "arbitrary PHP code execution" bug. - -Drupal 4.6.2, 2005-06-29 ------------------------- -- Fixed bugs, including two critical "arbitrary PHP code execution" bugs. - -Drupal 4.6.1, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.6.0, 2005-04-15 ------------------------- -- PHP5 compliance -- Search: - * Added UTF-8 support to make it work with all languages. - * Improved search indexing algorithm. - * Improved search output. - * Impose a throttle on indexing of large sites. - * Added search block. -- Syndication: - * Made the ping module ping pingomatic.com which, in turn, will ping all the major ping services. - * Made Drupal generate RSS 2.0 feeds. - * Made RSS feeds extensible. - * Added categories to RSS feeds. - * Added enclosures to RSS feeds. -- Flood control mechanism: - * Added a mechanism to throttle certain operations. -- Usability: - * Refactored the block configuration pages. - * Refactored the statistics pages. - * Refactored the watchdog pages. - * Refactored the throttle module configuration. - * Refactored the access rules page. - * Refactored the content administration page. - * Introduced forum configuration pages. - * Added a 'add child page' link to book pages. -- Contact module: - * Added a simple contact module that allows users to contact each other using email. -- Multi-site configuration: - * Made it possible to run multiple sites from a single code base. -- Added an image API: enables better image handling. -- Block system: - * Extended the block visibility settings. -- Theme system: - * Added new theme functions. -- Database backend: - * The PEAR database backend is no longer supported. -- Performance: - * Improved performance of the forum topics block. - * Improved performance of the tracker module. - * Improved performance of the node pages. -- Documentation: - * Improved and extended PHPDoc/Doxygen comments. - -Drupal 4.5.8, 2006-03-13 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.5.7, 2005-12-12 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.5.6, 2005-11-30 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.5.5, 2005-08-15 ------------------------- -- Fixed bugs, including a critical "arbitrary PHP code execution" bug. - -Drupal 4.5.4, 2005-06-29 ------------------------- -- Fixed bugs, including two critical "arbitrary PHP code execution" bugs. - -Drupal 4.5.3, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.5.2, 2005-01-15 ------------------------- -- Fixed bugs: a cross-site scripting (XSS) vulnerability has been fixed. - -Drupal 4.5.1, 2004-12-01 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.5.0, 2004-10-18 ------------------------- -- Navigation: - * Made it possible to add, delete, rename and move menu items. - * Introduced tabs and subtabs for local tasks. - * Reorganized the navigation menus. -- User management: - * Added support for multiple roles per user. - * Made it possible to add custom profile fields. - * Made it possible to browse user profiles by field. -- Node system: - * Added support for node-level permissions. -- Comment module: - * Made it possible to leave contact information without having to register. -- Upload module: - * Added support for uploading documents (includes images). -- Forum module: - * Added support for sticky forum topics. - * Made it possible to track forum topics. -- Syndication: - * Added support for RSS ping-notifications of http://technorati.com/. - * Refactored the categorization of syndicated news items. - * Added a URL alias for 'rss.xml'. - * Improved date parsing. -- Database backend: - * Added support for multiple database connections. - * The PostgreSQL backend does no longer require PEAR. -- Theme system: - * Changed all GIFs to PNGs. - * Reorganised the handling of themes, template engines, templates and styles. - * Unified and extended the available theme settings. - * Added theme screenshots. -- Blocks: - * Added 'recent comments' block. - * Added 'categories' block. -- Blogger API: - * Added support for auto-discovery of blogger API via RSD. -- Performance: - * Added support for sending gzip compressed pages. - * Improved performance of the forum module. -- Accessibility: - * Improved the accessibility of the archive module's calendar. - * Improved form handling and error reporting. - * Added HTTP redirects to prevent submitting twice when refreshing right after a form submission. -- Refactored 403 (forbidden) handling and added support for custom 403 pages. -- Documentation: - * Added PHPDoc/Doxygen comments. -- Filter system: - * Added support for using multiple input formats on the site - * Expanded the embedded PHP-code feature so it can be used everywhere - * Added support for role-dependent filtering, through input formats -- UI translation: - * Managing translations is now completely done through the administration interface - * Added support for importing/exporting gettext .po files - -Drupal 4.4.3, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.4.2, 2004-07-04 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.4.1, 2004-05-01 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.4.0, 2004-04-01 ------------------------- -- Added support for the MetaWeblog API and MovableType extensions. -- Added a file API: enables better document management. -- Improved the watchdog and search module to log search keys. -- News aggregator: - * Added support for conditional GET. - * Added OPML feed subscription list. - * Added support for , , , , and . -- Comment module: - * Made it possible to disable the "comment viewing controls". -- Performance: - * Improved module loading when serving cached pages. - * Made it possible to automatically disable modules when under heavy load. - * Made it possible to automatically disable blocks when under heavy load. - * Improved performance and memory footprint of the locale module. -- Theme system: - * Made all theme functions start with 'theme_'. - * Made all theme functions return their output. - * Migrated away from using the BaseTheme class. - * Added many new theme functions and refactored existing theme functions. - * Added avatar support to 'Xtemplate'. - * Replaced theme 'UnConeD' by 'Chameleon'. - * Replaced theme 'Marvin' by 'Pushbutton'. -- Usability: - * Added breadcrumb navigation to all pages. - * Made it possible to add context-sensitive help to all pages. - * Replaced drop-down menus by radio buttons where appropriate. - * Removed the 'magic_quotes_gpc = 0' requirement. - * Added a 'book navigation' block. -- Accessibility: - * Made themes degrade gracefully in absence of CSS. - * Grouped form elements using '
' and '' tags. - * Added '