Security update

Finally release dev-branch (long overdue)

This release fixes a security issue. See SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS) for details.

The twenty-second maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

The sixteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2010-001 - Drupal Core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.15 release:

• #673974 by sun: PHP notice when mass-unpublishing or deleting comments, and wrong form validation redirect
• #424372 by mr.baileys, bombatower, Arancaytar: :: in .info files caused fatal error, use list of constants for lookup instead
• #370958 by Rob Loach, drewish, c960657, neilnz: some Adobe Flash MIME types were missing from our MIME listing
• #284392 follow up by benoitg, brianV, mathieu, evoltech, tyr, Steven Jones, agentrickard, bl444137: better fix for issues around SQL rewrites adding DISTINCT

Changes since DRUPAL-6--1-3:

Fix for SA-CONTRIB-2010-023, improper filtering of [workflow-current-state-log-entry] token.