Security update

For more information on this release candidate and about compatible modules, themes and translations, refer to: http://drupal.org/drupal-6.0-rc3

This release candidate fixes a security vulnerability. Those running the previous release candidate are urged to upgrade immediately. For more details, please see the security announcement:

• SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0

In addition to this security vulnerability, the following bugs have been fixed since the first release candidate:

• #208427 report by Pancho, patch by dvessel: strpos() parameters were flipped in color module, resulting in bad colors
• #208197 by dvessel: back to cloning the table header only in tableheader.js (fixes radio button issues and Safari 2 crashing)
• - Patch #210140 by dww: fixed code comment: 'default_major' is now deprecated in favor of 'supported_majors'.
• - Patch #209236 by traxer: added a validation function for the poll form.
• - Patch #206495 by jvandyk: improved consistency of trigger descriptions.

Security update, see #216019, SA-2008-011 - Securesite - Access bypass.

Security update, see #216019, SA-2008-011 - Securesite - Access bypass.

The release fixes an arbitrary file upload issue. See SA-2008-015 for details.

Changes since DRUPAL-4-7:

This is the first release of comment_upload as a 0.1 version.

The release fixes an arbitrary file upload issue. See SA-2008-015 for details.

Changes since DRUPAL-5:

* #216022 (SA-2008-016) - OpenID - Incorrect claimed_id returned for OpenID 2.0
(reported by johnnysxip)
* other minor OpenID 2.0 compliance fixes