Security update

This is a security release. See the announcement SA-2008-001 - Devel - Cross site scripting for details.

For more information on this release candidate and about compatible modules, themes and translations, refer to: http://drupal.org/drupal-6.0-rc2

This release candidate fixes security vulnerabilities. Those running the previous release candidate are urged to upgrade immediately. For more details, please see the security announcement:

• SA-2008-005 - Drupal core - Cross site request forgery
• SA-2008-006 - Drupal core - Cross site scripting (UTF8)
• SA-2008-007 - Drupal core - Cross site scripting (register_globals)

In addition to this security vulnerability, the following bugs have been fixed since the first release candidate:

• #199241 by bjaspan, Heine: fix documentation on how confirm forms are constructed; port of Drupal 5 fix
• #202925 report by beholder, patch by myself: (notice fix) only consider languages with a host set when comparing with the current host in domain language negotiation
• #202895 by cwgordon7, theborg: fix node revision view page load argumnets

The eleventh maintenance and security release of the Drupal 4.7 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement:

The sixth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement:

• SA-2008-005 - Drupal core - Cross site request forgery
• SA-2008-006 - Drupal core - Cross site scripting (UTF8)
• SA-2008-007 - Drupal core - Cross site scripting (register_globals)

In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release:

• #173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
• #179164 by Heine: sort modules by name on the module admin page
• #199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery
• #199084 by chx: better conformance with ISO date formats in our xmlrpc code

This release fixes a security issue. See SA-2008-002 - Atom - Access bypass for details.

This is a security release. See the announcement SA-2008-001 - Devel - Cross site scripting for details.