Log Message:
Update to 6.7

The seventh maintenance and security release of the Drupal 6 series. Only fixes \ 
for security vulnerabilities and other bugs have been committed. New features \ 
are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade \ 
immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 6.6 release:

* - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum \ 
topic listings.
* - Patch #329019 by dww, sun: fixed PHP warning.
* #315739 by sun: The theme name is in arg(4) on the block admin page, so only \ 
redirect to theme specific page if that is set.
* - Patch #329646 by Damien Tournoud: properly reset user_access().
* - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated \ 
CSS to fail.
* #329998 by pwolanin: escape markup looking non-HTML tags in schema descriptions
* #258089 by JohnAlbin, Arancaytar, merlinofchaos: themes cannot have a \ 
preprocess function without a corresponding .tpl.php file
* #255150 by dropcube, tested by catch, asimmonds: content type names were \ 
double escaped on create content page
* #329660 by pwolanin: node_configure_validate() should be replaced with a \ 
#submit handler to conform to FormAPI rules
* #299742 by Darren Oh: missing #ahah support on checkboxes
* #193580 follow up by gpk: late but important changelog entry for Drupal 6.0
* #302638 by pwolanin: avoid running several no-op queries while the menu is \ 
being rebuilt; improves performance
* Rolling back #302638, it caused problems reported in #328110
* #319165 by Alex_Tutubalin: add explicit UTF-8 client encoding setting for \ 
PostgreSQL
* - Patch #277644 by lilou: documentation improvement.
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be \ 
consistent with the database.
* - Patch #337454 by earnie: fixed the phpdoc of drupal_render_form().
* - Patch #293370 by swentel et al: make block sorting work when there are more \ 
than 20 blocks.
* - Patch #325908 by kbahey: removed redundant cache flusing.
* - Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
* - Patch #336115 by Nedjo: better documentation for t().
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is \ 
lowercased and only valid characters are allowed.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() \ 
by setting our session cookie to be an HTTP only cookie, thus reducing the risk \ 
of session stealing via XSS
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN \ 
metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of \ 
items to make stuff easier to find.
* #305653 by snowball43, cdale, Dave Reid, sun: All themes were disabled when \ 
update.php was run
* #344661 by Dave Reid: fix phpdoc documentation on \ 
translation_translation_link_alter()
* #333060 by neclimdul, merlinofchaos, dvessel: child themes did not inherit \ 
patterns correctly, so more specific template files are not detected
* #206138 by pwolanin et al: little documentation fix for node base module name \ 
handling
* #276111 by pwolanin, meba and myself: disallow possibly dangerous submissions \ 
in locale translations and imports
* #345167 by JacobSingh, pwolanin, Heine: drupal_http_request() includes an \ 
extra CRLF, not conformant to HTTP specs

http://drupal.org/node/345462