Club Drupal

Drupal 7.52, 2016-11-16

-----------------------

- Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-005.

Drupal 7.51, 2016-10-05

-----------------------

- The Update module now also checks for updates to a disabled theme that is

  used as an admin theme.

- Exceptions thrown in dblog_watchdog() are now caught and ignored.

- Clarified the warning that appears when modules are missing or have moved.

- Log messages are now XSS filtered on display.

- Draggable tables now work on touch screen devices.

- Added a setting for allowing double underscores in CSS identifiers

  (https://www.drupal.org/node/2810369).

- If a user navigates away from a page while an Ajax request is running they

  will no longer get an error message saying "An Ajax HTTP request terminated

  abnormally".

- The system_region_list() API function now takes an optional third parameter

  which allows region name translations to be skipped when they are not needed

  (API addition: https://www.drupal.org/node/2810365).

- Numerous performance improvements.

- Numerous bug fixes.

- Numerous API documentation improvements.

- Additional automated test coverage.

Drupal 7.50, 2016-07-07 

-----------------------

- Added a new "administer fields" permission for trusted users, which is

  required in addition to other permissions to use the field UI

  (https://www.drupal.org/node/2483307).

- Added clickjacking protection to Drupal core by setting the X-Frame-Options

  header to SAMEORIGIN by default (https://www.drupal.org/node/2735873).

- Added support for full UTF-8 (emojis, Asian symbols, mathematical symbols) on

  MySQL and other database drivers when the site and database are configured to

  allow it (https://www.drupal.org/node/2761183).

- Improved performance by avoiding a re-scan of directories when a file is

  missing; instead, trigger a PHP warning (minor API change:

  https://www.drupal.org/node/2581445).

- Made it possible to use any PHP callable in Ajax form callbacks, form API

  form-building functions, and form API wrapper callbacks (API addition:

  https://www.drupal.org/node/2761169).

- Fixed that following a password reset link while logged in leaves users unable

  to change their password (minor user interface change:

  https://www.drupal.org/node/2759023).

- Implemented various fixes for automated test failures on PHP 5.4+ and PHP 7.

  Drupal core automated tests now pass in these environments.

- Improved support for PHP 7 by fixing various problems.

- Fixed various bugs with PHP 5.5+ imagerotate(), including when incorrect

  color indices are passed in.

- Fixed a regression introduced in Drupal 7.43 that allowed files uploaded by

  anonymous users to be lost after form validation errors, and that also caused

  regressions with certain contributed modules.

- Fixed a regression introduced in Drupal 7.36 which caused the default value

  of hidden textarea fields to be ignored.

- Fixed robots.txt to allow search engines to access CSS, JavaScript and image

  files.

- Changed wording on the Update Manager settings page to clarify that the

  option to check for disabled module updates also applies to uninstalled

  modules (administrative-facing translatable string change).

- Changed the help text when editing menu links and configuring URL redirect

  actions so that it does not reference "Drupal" or the drupal.org website

  (administrative-facing translatable string change).

- Fixed the locale safety check that is used to ensure that translations are

  safe to allow for tokens in the href/src attributes of translated strings.

- Fixed that URL generation only works on port 80 when using domain based

  language negotation.

- Made method="get" forms work inside the administrative overlay. The fix adds

  a new hidden field to these forms when they appear inside the overlay (minor

  data structure change).

- Increased maxlength of menu link title input fields in the node form and

  menu link form from 128 to 255 characters.

- Removed meaningless post-check=0 and pre-check=0 cache control headers from

  Drupal HTTP responses.

- Added a .editorconfig file to auto-configure editors that support it.

- Added --directory option to run-tests.sh for easier test discovery of all

  tests within a project.

- Made run-tests.sh exit with a failure code when there are test fails or

  problems running the script.

- Fixed that cookies from previous tests are still present when a new test

  starts in DrupalWebTestCase.

- Improved performance of queries on the {authmap} database table.

- Fixed handling of missing files and functions inside the registry.

- Fixed Ajax handling for tableselect form elements that use checkboxes.

- Fixed a bug which caused ip_address() to return nothing when the client IP

  address and proxy IP address are the same.

- Added a new option to format_xml_elements() to allow for already encoded

  values.

- Changed the {history} table's node ID field to be an unsigned integer, to

  match the same field in the {node} table and to prevent errors with very

  large node IDs.

- Added an explicit page callback to the "admin/people/create" menu item in the

  User module (minor data structure change). Previously this automatically

  inherited the page callback from the parent "admin/people" menu item, which

  broke contributed modules that override the "admin/people" page.

- Numerous small bug fixes.

- Numerous API documentation improvements.

- Additional automated test coverage.