Downloads
Release notes
Why is this release a RC (release candidate)?
This release includes the fix for an important bug (#810534: Fix CAPTCHA session reuse), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.
Because the change is rather big, I wanted to be sure the fix didn't break a lot of other things. In the first place, I provided simpletest coverage for the bug, albeit limited to the CAPTCHA protection of some Drupal core forms (login form, comment form and node form). However, I wanted also some manual testing on real world sites and use cases, but I got only one (positive) response in #810534: Fix CAPTCHA session reuse.
To avoid that the lack of manual testing would block the commit of the fix, I decided to commit it and release the fixed version as a release candidate for 6-x.2.3. This way there is more real world testing, while still making it clear that the release could still have some issues. If you want stability and don't trust release candidate: stay at CAPTCHA 6.x-2.2. On the other hand, in terms of simple test coverage, CAPTCHA 6.x-2.3-RC1 could be considered more stable than CAPTCHA 6.x-2.2 as the coverage has increased.
Important changes since DRUPAL-6--2-2:
- #810534: fixed CAPTCHA session reuse hack
- #773124: added a new persistence level to always add a challenge, even on multi-step/preview form workflows