Drupal Release: 4.3.2

TL;DR

Drupal 4.3.2 is a maintenance release that addresses several important bugs affecting user management, content display, taxonomy, and site configuration. This update improves stability and security by fixing issues with password resets, user roles, content display, and taxonomy term handling. Site administrators should upgrade to ensure proper functionality of user accounts, content management, and site settings.

Highlight of the Release

• Fixed security issue preventing password resets for blocked user accounts
• Resolved bug where content would lose taxonomy terms after status changes
• Fixed 'Who is online' block to respect user list length settings
• Improved teaser display with proper paragraph tag handling
• Added Apache 2 specific configuration instructions

Migration Guide

No specific migration steps are required for this maintenance release. Standard Drupal update procedures should be followed:

1. Back up your database and site files before upgrading
2. Put your site into maintenance mode
3. Replace the core files with the new 4.3.2 release
4. Run the update script by navigating to update.php in your browser
5. Take your site out of maintenance mode

No database schema changes or special configuration updates are needed for this release.

Upgrade Recommendations

This release contains important bug fixes that affect user management, content display, and taxonomy functionality. The security improvement preventing password resets for blocked accounts is particularly important for site security.

Recommendation: All sites running Drupal 4.3.1 should upgrade to 4.3.2 as soon as possible to ensure proper functionality and security of user accounts, content management, and site settings.

The upgrade is straightforward with no known compatibility issues or database schema changes required.

Bug Fixes

User Management Fixes

• Fixed bug #4416: Added status checks to user_pass() to prevent sending new passwords to blocked user accounts, improving security
• Fixed bug #4667: Resolved issue where users with deleted roles were incorrectly placed back into the authenticated users pool
• Made the "Who is online" block respect the "user list length" settings (Patch #181 by Jeremy)

Content Management Fixes

• Fixed bug #4457: Improved teaser display by ensuring proper cutting after the </p> tag rather than before it
• Fixed bug #4652: Resolved issue where nodes were losing their taxonomy terms after being promoted, declined, or expired
• Fixed container display issue to prevent showing inappropriate links (Patch by Bart)

System Fixes

• Fixed bug #4771: Corrected variable retrieval syntax from variable_get(site_name, ...) to variable_get('site_name', ...)
• Fixed three incorrect usages of format_interval() for better translation support (Patch by Goba)
• Backported character encoding fix from UnConeD

New Features

No significant new features were added in this maintenance release. This update focuses on bug fixes and stability improvements to existing functionality.

Security Updates

Security Improvements

• Fixed bug #4416: Added status checks to the user_pass() function to prevent the system from mailing new passwords to blocked user accounts, closing a potential security vulnerability where blocked users could regain access

Performance Improvements

No specific performance improvements were mentioned in the release notes. This update primarily focuses on bug fixes and stability improvements rather than performance enhancements.

Impact Summary

Drupal 4.3.2 delivers critical fixes that improve the stability and security of Drupal sites. The most significant impacts include:

1. Enhanced security through preventing password resets for blocked accounts, closing a potential security vulnerability
2. Improved content management by fixing issues with taxonomy terms being lost during content status changes
3. Better user experience with fixes to the "Who is online" block and proper teaser display
4. Increased stability by addressing several bugs related to user roles and system variables

While this is a maintenance release without new features, the bug fixes address important functionality issues that could affect site operation and security. Site administrators should prioritize this update to ensure their Drupal installation functions correctly and securely.