[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/drupal
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 10 23:55:39 UTC 2008
pkgsrc/www/drupal: Makefile distinfo
Update to 5.13
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:
* SA-2008-073 - Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed
since the 5.12 release:
* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without
cookies previously set; allows web service modules to start a session with the
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post
comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in
sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus
reducing the risk of session stealing via XSS
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is
lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN
metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of
items to make stuff easier to find.
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/www/drupal/Makefile
cvs rdiff -r1.25 -r1.26 pkgsrc/www/drupal/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |