Next | Query returned 57 messages, browsing 21 to 30 | Previous

History of commit frequency

CVS Commit History:


   2008-08-15 17:54:08 by Takahiro Kambe | Files touched by this commit (3)
Log message:
Update drupal package to 5.10.

Drupal 5.10, 2008-08-13
-----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, Arbitrary file uploads via
  BlogAPI and Cross site request forgery), see SA-2008-047
   2008-07-31 21:09:53 by Adrian Portelli | Files touched by this commit (2)
Log message:
This release fixes a security vulnerability. Sites are urged to upgrade \ 
immediately after reading the security announcement:

    * SA-2008-046 - Drupal core - Session fixation

In addition to this security vulnerability, the following bugs have been fixed \ 
in the 5.9 release:

    * #281042 by schuyler1d. Render blocks before CSS and JS header generation.
    * #232433 by Damien Tournoud. Use non-localized date for RSS.
    * #281494 by beeradb. Code style.
    * #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division \ 
by zero, when all search weights are set to 0.
    * #252921 by David_Rothstein and agentrickard: remove unused join, which \ 
caused column type compatibility problems with postgresql; improves postgresql \ 
compatibility.
    * #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries \ 
on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
    * #280934. Make sure session is always regenerated.
   2008-07-10 23:11:02 by Adrian Portelli | Files touched by this commit (2) | Package updated
Log message:
Update to 5.8

All the details of the changes can be found here: http://drupal.org/node/280586
The main reason for this update is to fix a known security issue:
http://drupal.org/node/280571
   2008-05-26 04:13:26 by Joerg Sonnenberger | Files touched by this commit (274)
Log message:
Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
   2008-04-06 12:12:35 by Adrian Portelli | Files touched by this commit (1)
Log message:
Add CONFLICTS for upcoming drupal 6 import
   2008-03-05 22:35:40 by Adrian Portelli | Files touched by this commit (2)
Log message:
Drupal 5.7
* 208700 by pwolanin. Fix bad backport of #194579. Modified to use Form API.
* 118569 by bevan: document how should one set RewriteBase, if under a \ 
VirtualDocumentRoot. Backport by Bart Jansens.
* Patch 115606 by Junyor, thesaint_02: added support for PHP 5.2's 'recoverable \ 
fatal errors'.
* 209409 by Heine, webernet, dww: more accurate register globals value checking
   2008-01-11 13:37:11 by Adrian Portelli | Files touched by this commit (2)
Log message:
Update to 5.6

This release fixes security vulnerabilities. Sites are urged to upgrade \ 
immediately. For more details, please see the security announcement:
SA-2008-005 - Drupal core - Cross site request forgery
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
SA-2008-007 - Drupal core - Cross site scripting (register_globals)

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 5.5 release:
173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
179164 by Heine: sort modules by name on the module admin page
199640 by webernet: (usability) add option to select no taxonomy term in \ 
multiselect forms, not to rely on browser trickery
199084 by chx: better conformance with ISO date formats in our xmlrpc code
173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: \ 
document support in url() and l() and proper active class support for .
89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing.
64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since \ 
it is a count() query.
200338 by m3avrck and quicksketch: fix transparent GIF resizing
194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing
182410 by greggles: HTTP Basic authentication username and password was parsed \ 
in drupal_http_request() but then not used in the request
- Patch 201894 by David Rothstein: fixed typo in user output.
180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so \ 
Windows will create temporary files properly
115689 by chx: new content types should not overwrite old ones. Backport by Pancho.
203727 by Arancaytar. More effectively use hook API.
204855 by webernet. Add missing * in documentation.
168315 by schuyler1d: previous active database name was not consistently \ 
returned in db_set_active()
- Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not \ 
in mega bytes.
194579 patch by pwolanin: clear filter cache when allowed HTML tags \ 
configuration changes in an input format
#166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages.
58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on \ 
editing.
Partial backport of 112715 to fix 124641.

Changes from 5.4 -> 5.5
Fixed missing missing brackets in a query in the user module.
Fixed taxonomy feed bug introduced by SA-2007-031
   2007-12-06 00:16:19 by Adrian Portelli | Files touched by this commit (2)
Log message:
This release fixes a security vulnerability. Sites are urged to upgrade \ 
immediately. For more details, please see the security announcement:

* SA-2007-031 - Drupal core - SQL Injection possible when certain contributed \ 
modules are enabled

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 5.2 release:

* 178478 by scor: typo in text displyed when the DB is installed but not accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order comments \ 
by cid (ie. original submission order) instead of timestamp (ie. last editing \ 
time order) to avoid comments jumping around when being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not \ 
booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried \ 
over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in install \ 
system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited accounts so \ 
they are exempt from the spam protection we have for accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term \ 
was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
   2007-10-18 15:01:36 by Adrian Portelli | Files touched by this commit (2)
Log message:
Update to 5.3

Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment

Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no admin links \ 
for the module

See http://drupal.org/node/184395 for all the details
   2007-07-27 23:44:32 by Adrian Portelli | Files touched by this commit (2)
Log message:
Update to 5.2
Fix two security issues:
	http://drupal.org/node/162360
	http://drupal.org/node/162361

Next | Query returned 57 messages, browsing 21 to 30 | Previous