captcha 6.x-2.3

Security update
New features
Bug fixes

Fix for Session reuse hack

This release includes the fix for an important bug (#810534: Fix CAPTCHA session reuse), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.

For more info: also see the release notes for CAPTCHA 6.x-2.3-RC1 and CAPTCHA 6.x-2.3-RC2.

Minor changes since DRUPAL-6--2-3-RC2:

  • typo in German translation (reported by GraemeB)
  • #766190: Added button to admin page to clear the CAPTCHA placement cache
  • added a touch of extra sanitizing of raw posted data
  • #881156 by vivekkhurana: disable autocompletion on CAPTCHA response fields
  • #780206: Add warning to Performance settings page about CAPTCHA and caching
  • #780206: added warning during installation about page caching and CAPTCHA

All changes since DRUPAL-6--2-2:

Major:

  • #810534 by soxofaan: fixed CAPTCHA session reuse hack

captcha 6.x-2.3-rc2

New features
Bug fixes
Insecure

Changes since DRUPAL-6--2-3-RC1

  • #844148: fixed call-time pass-by-reference problem in update function
  • various minor tweaks (syncing some stuff back from DRUPAL-7--1 branch)

Why is this release a RC (release candidate)?

This release includes the fix for an important bug (#810534: Fix CAPTCHA session reuse), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.
Because the change is rather big, I wanted to be sure the fix didn't break a lot of other things. In the first place, I provided simpletest coverage for the bug, albeit limited to the CAPTCHA protection of some Drupal core forms (login form, comment form and node form). However, I wanted also some manual testing on real world sites and use cases, but I got only one (positive) response in #810534: Fix CAPTCHA session reuse.

captcha 6.x-2.3-rc1

New features
Bug fixes
Insecure

Why is this release a RC (release candidate)?

This release includes the fix for an important bug (#810534: Fix CAPTCHA session reuse), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.
Because the change is rather big, I wanted to be sure the fix didn't break a lot of other things. In the first place, I provided simpletest coverage for the bug, albeit limited to the CAPTCHA protection of some Drupal core forms (login form, comment form and node form). However, I wanted also some manual testing on real world sites and use cases, but I got only one (positive) response in #810534: Fix CAPTCHA session reuse.
To avoid that the lack of manual testing would block the commit of the fix, I decided to commit it and release the fixed version as a release candidate for 6-x.2.3. This way there is more real world testing, while still making it clear that the release could still have some issues. If you want stability and don't trust release candidate: stay at CAPTCHA 6.x-2.2. On the other hand, in terms of simple test coverage, CAPTCHA 6.x-2.3-RC1 could be considered more stable than CAPTCHA 6.x-2.2 as the coverage has increased.

Important changes since DRUPAL-6--2-2:

captcha 5.x-3.3

Security update

Changes since DRUPAL-5--3-2:

  • Security update: added filtering against XSS on the CAPTCHA description
  • #179747: added option for case insensitive validation

captcha 6.x-2.2

Security update
Bug fixes
Insecure

Changes since DRUPAL-6--2-1:

captcha 7.x-1.x-dev

At this point, the Drupal 7 version of the CAPTCHA module is under heavy upgrade/development. Not recommended for general use (unless you really, really know what you're doing).

captcha 6.x-2.1

New features
Bug fixes
Insecure

A new year, a new release from the CAPTCHA 6.x-2.x branch. Changes since previous release (6.x-2.0):

captcha 6.x-2.0

New features
Insecure

Yay, the times of Beta and RC releases are over, we have a 6.x-2.0 final release!
It's been a long ride, mainly because I (soxofaan) am currently the only active maintainer and I only can do this in my sparsely distributed free time. If you are interested in deeper involvement with this module, feel free to contact me or jump right into the issue queue. Help is welcome on several levels (bug fixing, feature implementation, simpletest, translation, documentation writing, etc).

For users coming from the CAPTCHA 6.x-1.x branch: don not forget to run the update.php script (example.com/update.php) on your setup because the CAPTCHA 6.x-2.x introduces an extra database table. Apart from that, upgrading should be painless and your settings should be kept. One note however: the "Text CAPTCHA" submodule (word choice challenge) was removed from the CAPTCHA 6.x-2.x branch (mainly because it kept back the maintenance of the CAPTCHA core module) and was moved and improved in the CAPTCHA pack module. So, if you used the text CAPTCHA and want to upgrade to CAPTCHA 6.x-2.x, it is recommended to disable and uninstall the text CAPTCHA module first before upgrading.

Changes since DRUPAL-6--2-0-RC3:

  • Added watchdog logging of "unknown csid" problem for easier debugging.

captcha 6.x-2.0-rc3

Bug fixes
Insecure

This release is intended to be the last release candidate before a final CAPTCHA 6.x-2.0 version.

Feature-wise, the goals of CAPTCHA 6.x-2.0 are completed and there are no critical or outstanding bug reports left. However, I decided not to go for a final 6.x-2.0 version because of the following.
This 6.x-2.0-RC3 release is the milestone where the CAPTCHA 6.x-2.x branch becomes the recommended branch for Drupal 6 and the 6.x-1.x branch becomes deprecated (it was already unmaintained for many moons). Switching the "recommendedness" on a release candidate is mainly to increase usage of the 6.x-2.x branch (which is now roughly at 5000) at the expense of the 6.x-1.x branch (which is now roughly at 22000), collecting more feedback and possibly work out some more kinks before the final CAPTCHA 6.x-2.0 version.

captcha 6.x-2.0-rc2

New features
Bug fixes
Insecure

A 6.x-2.0 release is coming closer!
The large architectural changes are (finally) over.
Only some small issues and kinks to work out.

Changes since DRUPAL-6--2-0-RC1:

captcha 6.x-2.0-beta4

Bug fixes
Insecure

Changes since DRUPAL-6--2-0-BETA3:

  • implemented admin mode CAPTCHAs (presolved and no validation)
  • added simpletest file captcha.test and removed old version of simpletest file
  • renamed _captcha_update_captcha_point() to captcha_set_form_id_setting().
  • #384814: better checking of TTF support
  • removed the double vision feature, which was not very usefull.
  • made noise level more fine grained
  • various refactoring and code cleanups

captcha 6.x-2.0-beta2

Bug fixes
Insecure

Changes since DRUPAL-6--2-0-BETA1:

  • #354520 by Anselm Heaton: SQL syntax error
  • minor UI tweak: added more descripitive title to collapsible CAPTCHA admin fieldset
  • #356407: fixed problem with reCAPTCHA module
  • added textfield and select widget to CAPTCHA point table for easier adding form_ids
  • minor fix
  • #237147: Reordered the "Form protection" fieldset on the CAPTCHA administration page

captcha 6.x-2.x-dev

Nightly snapshot of the development version of the CAPTCHA 6.x-2.x branch

captcha 5.x-3.2

New features
Insecure

Since CAPTCHA 5.x-3.1 was already more than one year old, it was time for a new release.
Do not forget to run update.php
This new release brings a lot of new stuff and fixes:

  • Added visual structure to the CAPTCHA administration links to make it more user friendly
  • #200355: fixed typos with administration/administrator
  • Updated Greek translation. Updated captcha-module.pot from latest potx.
  • #207234 and #207226: by Pancho: various cleanups and tweaks backported to DRUPAL-5--3
  • updated outdated russian translation
  • #213928: the list of unsolved challenges per user is now FIFO instead of "flush all when full", removes "You can't request more than @num challenges without solving them" message
  • #227478: limited size of text CAPTCHA text field to 15 chars
  • #231491: minor cange: added a t(...)
  • #231491 (minor): added t(..) to permission strings where needed
  • added message after installation linking to CAPTCHA admin for better usability
  • #241248: fixed problem with overwriting of #pre_render functions in certain situations
  • stupid typo

captcha 6.x-2.0-beta1

New features
Insecure

First Beta of a rework of the CAPTCHA module, that does not require sessions for storing the challenge solutions, but uses a dedicated table instead.

The use of sessions in the previous versions of the CAPTCHA module is responsible for a large volume of support requests in the issue queue, because of problems with sessions, "user 0", cookies, browser security levels, etc.
Dropping the sessions requirement should eradicate this type of problems.

captcha 6.x-1.0-rc1

First official release of the Drupal 6 port of the CAPTCHA module.

captcha 5.x-3.1

Insecure
  • #185533 by soxofaan and incrn8: Add a CSS class to the Captcha fieldset
  • #183608 by soxofaan: Add requirement check for GD Library when using Image CAPTCHA
  • Polish translation update for version 5.x-3.0 by archetwist
  • Added alt and title to img element for better accessibility and w3c by soxofaan
  • Added check to prevent "notice: Trying to get property of non-object ..." error by soxofaan

captcha 5.x-3.0-rc2

New features
Bug fixes
Insecure

Captcha API changed! Many bugs fixed, improvements in UI, user help improved.
And much more stable! ;)

Changes since RC1:
Feature #170203: Adding $Id: $ to files.
Feature #168842: add full path to font selector in image_captcha
Feature #168694: reordering captcha's menu.
Fixed #168759: Fixing permitions problems
Patch #168004: Provide a link to free fonts
Fixed #156503: Allows to avoid having to repeatedly do captchas during multiple previews.
Patch #166534: Adds an overview page with examples of all available captha challenges.
Patch #158613: Minor improvements in captcha API, changing value to response, and anwser to solution
Patch #166517: Minor cosmetic tweaks of 'Math' captcha
Patch #166132: Image Captcha - Font Selector
Patch #167166: Wrong check in captcha module
Patch #166877: image captcha cleans to much of $_SESSION['image_captcha']
Patch #160947: CAPTCHA_DESCRIPTION Untranslatable
Patch #165530: empty captcha_answer before rendering
Patch #165393: Configuration page - not where Readme.txt says it is
Patch #163531: Small typo in module
Patch #158747: small image placement issue with image_captcha
Patch #160947: CAPTCHA_DESCRIPTION Untranslatable
Patch #162312: Font License Issue
Patch #161572: user_login / user_login_form can't be captcha-enabled

captcha 5.x-3.x-dev

New features
Bug fixes

Development snapshot of the DRUPAL-5--3 branch

Pages

Subscribe with RSS Subscribe to Releases for CAPTCHA