Security update

Important: This version of the module requires Drupal 6.11. It will not work in older versions.

Changes since DRUPAL-6--1-6:

Important: This version of the module requires Drupal 5.17. It will not work in older versions.

Changes since DRUPAL-5--4-6:

• fix for #461158: Align page template to latest Drupal 6 standards related to SA-CORE-2009-005

Added check_plain() for titles to prevent possible XSS.

The eleventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:

• #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
• #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
• #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
• #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
• #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.

The seventeenth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-005 Drupal core - Cross site scripting