The fourth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
In addition to this security vulnerability, the following bugs have been fixed since the 6.3 release:
- #225880 follow up by webchick: improve error message when writable settings.php is not present
- - Patch #275801 by Damien Tournoud and Gribnif: fixed performance issue due to typo.
- - Patch #281943 by webchick, Arancaytar, dropcube et al: order install profiles alphabetically.
- - Patch #285467 by mustafau: fixed typo a MT blog API function.
- - Patch #238600 by scor: removed two unused links from context-sentive help.
- - Patch #268491 by mustafu, pwolanin, et al: fixed notice after deleting aggregator feed.
- - Patch #293434 by eMPee584 and Damien: fixed broken watchdog call.
- - Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short
- - Patch #290918 by pwolanin: don't unset project info during processing.
- - Patch #165642 by Damien Tournoud: error in SQL syntax in user.module.
- - Patch #246522 by mustafu, Dries: fixed typo in documentation.
- - Patch #283806 by mustafau, Aron Noval: improved error handling in drupal_http_request().
- - Patch #290869 by Wim Leers: AHAH functionality was not working for radio buttons.
- - Patch #293421 by Bart Jansens: fixed documentation of sess_count().
- - Patch #290869 by swenterl, cwgordon07: fixed notice in #ahah handling.
- - Patch #293343 by Bart Jansens: removed obsolete table name from documentation. Candidate for Most Trivial Patch of the Month Award.
- - Patch #293504 by Damien Tournoud: fixed search on PostgreSQL - argument of AND must be type boolean, not type integer.
- - Patch #283806 by mustafau: fixed bug in drupal_http_request()