Upgrading Drupal

I upgraded to 4.7.x last night and now I can't get logged out. Well, actually I can get logged out, but I (and my users I assume) are still showing logged in. I've done the usual clearing browser cache, deleting site cookies, mysql delete from cache...

Is there something one can do to fix this?

Its my first error in one of my 12 drupal online upgrade, i receive this when i click to the setting administration page

warning: implode(): Bad arguments. in /home/web/dwebmaster/includes/form.inc on line 1146.

i upgrade with no errors from 4.7 rc2 to 4.7.1

Thank you

I just upgraded from 4.5 to 4.7. The upgrade basically went without a hitch. Excellent! :)

Question, though.

I'm quite sure that in drupal 4.5, with clean url's on and working, an image (at say, node/456) embedded with:

<img src="gallery/1.jpg">

would result in the image at www.sitename.com/gallery/1.jpg displaying.

Sorry for cross posting from http://drupal.org/node/65821, but I got the following error message after upgrading a site from 4.6.5 to 4.7.0. It seems to suggest that search will not work properly in the updated site, but I am not sure. Any suggestions/clarifications would be be welcome:

Drupal database update

Hi

I just patched my old 4.7.0 version of drupal with the 2 patches as mentioned in http://drupal.org/drupal-4.7.1 .It is also written that i need to upgrade my database. I can see the difference in database . But dont know how to apply it, i mean upgrade my existing database with the new one.

the diff of two versions are:

Hi Drupal-Folks.

I have been running some Drupal-Sites in the past, all on webspace hosted by providers giving rather standard environments. So, the usual steps to get a Drupal up and running involved begging for the LOCK TABLES privileg for my mysql-user or removing the locking code from some files (in the hope that no concurrent access will ever happen) etc. But there is one point all those providers (even my current one who gives me even ssh access and cronjobs) will not allow - the use of a .htaccess as complicated as the one shipping with Drupal. So, in the past, I just deleted the .htaccess from the Drupal distribution, lived without url-rewriting and did not think about it any more.

Now, with the 4.7.1-release, there seams to be security-relevant stuff in the .htaccess. Still I cannot use it. So I have to find out now how secure / unsecure my sites have to be without that .htaccess. If you think that my question just points to the wrong approach ("switch to a provider that allows .htaccess"...) be aware that a big percentage of Drupal sites will have similar setups, and I wonder how many will be affected by the security problems that were fixed in 4.7.1 even after an upgrade, because the admins (have to) remove the .htaccess and are used to do so.

• Do the vulnerabilities only appear for users that are allowed to upload content?
• Exactly which vulnerabilities will stay open if I have NO .htaccess on my 4.7.1-site?