Download drupal-6.11.tar.gztar.gz 1.03 MB
MD5: 6a341807b83c4e48f50ce7921562402c
SHA-1: 083fdf4f7248603677b3c294f7ddb060a07d4fa8
SHA-256: 89d360d667a527235ceb10962cfffd0448194636b7d2b73cf22ff8b13a7d2f1b
Download drupal-6.11.zipzip 1.21 MB
MD5: 36b5d5788a8ea32e6a3fc018d41c415d
SHA-1: 756ec04e5304664d189d841791696033ef2ca5a3
SHA-256: d04d7d762c920c5795add723c23cae7d2e77ed0a89b7323f64d77a5529ecbcda

Release info

Created by: Gábor Hojtsy
Created on: 30 Apr 2009 at 00:17 UTC
Last updated: 30 Apr 2009 at 00:35 UTC
Core compatibility: 6.x
Release type: Security update, Bug fixes

Release notes

The eleventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:

  • #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
  • #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
  • #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
  • #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
  • #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
  • #404244 by cwgordon7: minor code style fix in openid_help().
  • #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node
  • #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser
  • #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access().
  • #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
  • #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or drupal_access_denied() so that we can properly redirect from those pages.
  • #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value before using it.
  • #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms programatically) are possible in update functions
  • #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module
  • #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem.
  • - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
  • - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
  • - Patch #228477 by anuradha: corrected Sinhala language.
  • - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators.
  • #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense
  • #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient
  • #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview
  • #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles
  • #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder
  • #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs)
  • #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations
  • #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released
  • #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves
  • #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page
  • #227228 by ilmaestro, gpk,, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared
  • #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so
  • #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated
  • Rolling back #343415 given disputes around its change in Drupal 7.
  • #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page
  • #447700 by dww: Earl Miles is not update.module maintainer anymore
  • #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report
  • #396224 by pwolanin: Further harden template file name discovery
  • #220592 by dww and pwolanin: Always use the database for caching in update module, so that project data persists. Improves both local and site performance.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects