Download drupal-6.5.tar.gztar.gz 1.02 MB
MD5: a88c561f0e61168b6ac710de55b6f91f
SHA-1: f67ce3b42367d849900e47e835fc3e9ed52014bd
SHA-256: f7ce19cf099ed202c69fe04e4933c1b4081bf824600b44a9e043c350ff6ef0cf
Download drupal-6.5.zipzip 1.2 MB
MD5: 6640c92ae16ab0b0e9010e33c183478e
SHA-1: 40a7195bd1dba4033e097c30d8017ca22e97a53d
SHA-256: 78c4e60889c44f61a0cb2cc55c44c1392909e495e059c2ea409ff88be7249d6e

Release info

Created by: Gábor Hojtsy
Created on: 8 Oct 2008 at 20:15 UTC
Last updated: 8 Oct 2008 at 20:34 UTC
Core compatibility: 6.x
Release type: Security update, Bug fixes

Release notes

The fifth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

In addition to this security vulnerability, the following bugs have been fixed since the 6.4 release:

  • - Patch #246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
  • - Patch #221230 by Heine: convert requirement error on update to requirement warning.
  • - Patch #252430 by quicksketch: allow base theme prefix in preprocessor function names to correct expected behavior.
  • - Patch #245322 by mfb: fixed breadcrumb behavior.
  • - Patch #287949 by Freso, Damien Tournoud: keep language icons in consistent order across nodes.
  • - Patch #265899 by mfb: uri_brief mail token did not support https URLs.
  • - Patch #272952 by NancyDru and chx: fixed documentation issue.
  • - Patch #170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
  • - Patch #243063 by GoofyX: fixed typo in context-sensitve help.
  • - Patch #295152 by dww, Damien Tournoud, et al: fixed version comparison.
  • - Patch #278759 by douggreen, fletchgqc: improved code comment.
  • - Patch #276018 by mfb: extend the lifetime of temporary files.
  • - Patch #228576 by sun: too ambiguous stylesheet in dblog.css when form_altering the watchdog table.
  • - Patch #285309 by pwolanin: menu_name in hook_menu is ignored on updates.
  • - Patch #261859 by rse, Damien Tournoud: make the trigger module work on PostgreSQL.
  • - Patch #305436 by Damien Tournoud, lelutin: fixed unclosed <li> tag in the context-sensitive help.
  • #305920 originally reported by hass at #217884, patch by myself: JavaScript cache was not invalidated when a translation of a string was edited
  • - Patch #308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc.
  • #227486 by profix898: 'menu_router's 'load_functions' and 'to_arg_functions' were too short to contain long function names and/or multiple arguments as required by complex Views and Panels
  • #278458 reported by j0hn-smith, patch by pwolanin: the menu cache was not cleared properly in menu_link_maintain()
  • #188246 by deekayen, mfb et al.: some icon and class definitions were missing from dblog, causing notice level errors themselves
  • #214516 by mfb: Add the Real Time Streaming Protocol (RTSP) to the allowed protocol list in filter_xss_bad_protocol().
  • #253577 by Morbus Iff, nevergone: Allow setting comment timestamp in comment_save(). Enabled import scripts to import dates for comments.
  • #208270 reported by Dries, patch by jvandyk: it was not possible to clear the XML-RPC error cache, making it impossible to do multiple queries in one request. Add xmlrpc_clear_error() and slightly modify xmlrpc_error() to fix.
  • #257912 by douggreen and Damien Tournoud: improve performance of search indexing by swapping two queries for the one which is successful more often
  • #254242 report by bwooster47, patch by dropcube: (regression) preview forcing on nodes had its setting kept, but was not enforced in code; restoring Drupal 5 behavior
  • #213699 reported by gpk, patch by c960657: Race condition in sess_write() caused duplicate entry errors in the sessions table, fix that.
  • #201799 by yched, quicksketch: compute identation width for draggables better, counting on padding and margin as well as measuring the width at the place where it is used (taking possible CSS overrides into account)
  • #230932 follow up by drumm, drewish: Capitalize false to FALSE (minor code style fix).
  • #308713 by fletchgqc: The database schema for locale module allows for 128 chars in the domain name, so the form should allow up to that length as well (instead of 64).
  • #228761 by zsanmartin, roborn: Installer did not recognize language files with dashes in them, such as pt-pt or zh-hans. Fixing pattern and pt-pt language code.
  • #297952 by aaron, merlinofchaos, dvessel: Reserve the 'template_file' variable instead of the too generic 'file' for template file inclusion. This makes 'file' available for themes.
  • follow up to #280621 by lilou: the object tag was disallowed in a previous version in filter_xss_admin(), so disallow param as well, which is only meaningful inside an object tag
  • #277214 reported by Damien Tournoud, patch by dereine, lilou: _load() functions should return FALSE on failure but taxonomy_vocabulary_load() was returning NULL
  • #224006 by Daniel Jalkut: blogapi_metaweblog_get_category_list() verified user access for the given content type but did not log in the user first
  • #158992 by bangpound, sun, Dries: Inline JavaScript was invalid in XHTML. It needs to be properly wrapped in CDATA.
  • #180063 by andremolnar, TheMystic, R.Muilwijk: There was no way to flush form errors during iterative programatic form submission. Slight API expansion.
  • #267724 by cpugeniusmv, dww, maartenvg: Update module was not checking for new data when the cache was cleared, until the set time was elapsed. Now checks on cron after the cache was cleared.
  • #268006 by pwolanin: Help from hook_help() was displayed on 403/404 pages.
  • #299672 by fago, chx: Cache form only if any of its element set #cache to TRUE (not if #cache is set at all)
  • #314564 by m1mic: fix HTML validation in the pushbutton theme - footer paragraph wrapping and bgcolor invalid.
  • #312982 by hass: The text '(source)' was not translatable in
  • #184143 by redndahead, tested by yoroy, quicksketch: tableheader.js interfered with #anchors in table rows
  • - Patch #273743 by meba, jsaints: fixed exmaple code.
  • #261148 by chx, pwolanin: The menu's first rebuild does not always happen properly due to race conditions, so look to rebuild the menu if the masks are empty.
  • #268584 by agentrickard, Dries, Rob Loach, webchick: move to a 100 terms per page default for the taxonomy administration pages, since with the current 10 default, the drag and drop ordering is not useful at all.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects