Security update

This release fixes a security vulnerability, all users of Meta tags 6.x-1.0 or any 6.x-1.x-dev snapshot from before 2009-09-23 are urged to upgrade. For more details, see SA-CONTRIB-2009-060.

Differences with version 6.x-1.0:

The twentieth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-008 Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 5.19 release:

• Backport of #227228 by andypost, et al. Per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared.
• #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser.
• #472160 by chx and Heine. Deny D6-style access elements.
• #109513 backport by Freso. Create temporary mysql tables in memory.
• #292565 second follow up by John Morahan: fix login destination again on 403/404 pages and make the search form work there if displayed

The fourteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.13 release:

• #482646 follow up by Dave Reid: only check the db prefix for simpletest if it was a string (not running a multisite)
• #284392 by Passionate_Lass, Anselm Heaton, tassoman, agentrickard: DISTINCT handling in db_distinct_field()'s MySQL implementations was resulting in bogus queries
• #310139 by fonant, c960657, pwolanin: drupal_urlencode() and Drupal.encodeURIComponent was used to encode query strings and other components it should not have been used for
• #499254 by chx: Drupal lacked support for positive integer values in database queries, beyond PHP_INT_MAX; caused issues with twitter integration and big numbers in general

Fix for SA-CONTRIB-2009-059.

This release fixes a security vulnerability, all users of Comment RSS 5.x-2.1 or any 5.x-2.x-dev snapshot from before 2009-09-16 are urged to upgrade. For more details, see SA-CONTRIB-2009-058.

This release fixes a security vulnerability, all users of Comment RSS 6.x-2.1 or any 6.x-2.x-dev snapshot from before 2009-09-16 are urged to upgrade. For more details, see SA-CONTRIB-2009-058.

Other changes since DRUPAL-6--2-1:

• by Dave Reid: Cleaned up commentrss_format_items().