Security update

The tenth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-047 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed in the 5.10 release:

• #117748 by webchick, Pancho, Rob Loach, pwolanin: required field values were not properly trim()ed on validation
• #207991 by Rok Zlender: xmlrpc_date did not parse dates well. Backport by clemens.tolboom.
• Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short. Backport by scor.
• - Patch #285467 by mustafau: fixed typo a MT blog API function.
• #272636 by evolvingweb, dvessel: add 'js' class to html tag in drupal.js instead of overwriting all its classes with 'js'. Backport by sun.
• #292538 by Damien Tournoud and hanoii. Fix $sidebar_indicator behavior.

This is the beta version of the project. You can create validators and assign them to any field on your site through the admin UI.

Security

Security improvements to lists of taxonomy terms (newsletter series) on admin pages and subscription forms. See SA-2008-056 - Simplenews - Cross site scripting for details.

Bug fixes

"From name" doesn't show up in the mail (#222530: "From name" doesn't show up in the mail.).

Security

* Security improvements to lists of taxonomy terms (newsletter series) on admin pages and subscription forms. See SA-2008-056 - Simplenews - Cross site scripting for details.

New features

* Trigger on subscription and unsubscription. (#270835: Send a newsletter upon subscription)
* i18n integration:

• Multilingual taxonomy of 'Localized terms' and 'per language terms' is supported.
• Translated nodes send to subscribers by their preferred language.
• Path prefixes are added to footer message according to the subscribers preferred language when required.
• Anonymous users are subscribed with a preferred language based on the subscription page language. (#285719: Allow anonymous users to subscribe with a preferred language)

* Permission for 'administer simplenews settings'
* Mass unsubscribe admin function. ([#200512[)

Usability improvements

* On one page admin can select node type and vocabulary simplenews uses.
* Newsletter vocab now only controlled by simplenews settings.
* Newsletter specific from name and address default to the simplenews general settings. (#222530: "From name" doesn't show up in the mail.)
* Improved usability of newsletter specific settings. (#278823: Improve usability of newsletter specific settings.)
* Reorder simplenews settings functions.
* Divide simplenews admin pages in 'content' and 'settings'. (#278109: Divide simplenews admin pages in 'content' and 'settings')

The ninth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-046 - Drupal core - Session fixation

In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release:

• #281042 by schuyler1d. Render blocks before CSS and JS header generation.
• #232433 by Damien Tournoud. Use non-localized date for RSS.
• #281494 by beeradb. Code style.
• #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0.
• #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility.
• #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
• #280934. Make sure session is always regenerated.

Fixes SA-2008-045 - OpenID - Cross site scripting and Cross site request forgeries.

Backported from the Drupal 6.x core module.