Release info

Created by: hunmonk
Created on: May 12, 2010 - 17:42
Last updated: May 12, 2010 - 17:53
Core compatibility: 5.x
Release type: Security update, Bug fixes

Release notes

Changes since DRUPAL-5--1-6:

  • remove unnecessary db_query -- admins validating a user account shouldn't trigger an account login, either.
  • better check for no password.
  • switch to using user_pass_rehash() for validation hashes.
  • #739978 by quicksketch: Remove the CVS version/revision from the settings page
  • #769900 by hunmonk, miro_dietiker: redirect on invalid email validation.
  • #765994 by hunmonk: Non-authenticated role is hidden in user profile form even when 'Set password' is unchecked. also backported the missing logic for the user admin form from 6.x
  • #797142 by hunmonk: fix session fixation vulnerability.