Download drupal-6.9.tar.gztar.gz 1.03 MB
MD5: 5c682a4709f4632febbe7617a784a01a
SHA-1: d9eb531bcb2a4d500dc9e989b0afe702653d7e84
SHA-256: 350feb1350ef272f7d70ee1b77cdbc05afba2fb6c4326e0e0c9a18c2c313d5d8
Download drupal-6.9.zipzip 1.2 MB
MD5: 92314f5cbb6116247dd5f287905ac898
SHA-1: 2688c02ce5af875ae52c365b71e5ced3ef950257
SHA-256: d077365d5c488a88ad69cf0f7465ae299c0ef7d8af97daf740109c0effb4cadf

Release info

Created by: Gábor Hojtsy
Created on: January 14, 2009 - 23:35
Last updated: January 14, 2009 - 23:49
Core compatibility: 6.x
Release type: Security update, Bug fixes

Release notes

The ninth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:

  • - Patch #331708 by chx: poll_choice_js uses FAPI2.
  • - Patch #350708 by dww: t() documentation clean-up.
  • #245990 by Dave Reid, chx, dww: Look for the page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on.
  • - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
  • - Patch #353886 by killes: too many arguments to SQL query in locale import.
  • - Rollback of #325908.
  • #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
  • #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
  • #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
  • #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
  • #308526 by chx: Also reset actions_list() cache on actions_synchronize()
  • #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
  • #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
  • #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
  • #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
  • #347485 by cdale: only add upload submit handler if the upload form is added
  • #344052 by salvis: remove unused $update_node variable from node module
  • #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
  • #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
  • #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
  • #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects