Drupal Release: 4.7.7

TL;DR

Drupal 4.7.7: Bug Fix and Security Update

This minor release addresses several critical bugs and security issues in Drupal 4.7.x. Key improvements include fixes for form validation, comment handling, JavaScript compatibility with Internet Explorer, and email delivery improvements to prevent messages from being flagged as spam. This update also resolves issues with URL encoding, node previews, and race conditions in block handling.

Highlight of the Release

• Fixed issue with attachments not displaying in node previews
• Improved email delivery to prevent messages from being flagged as spam by SPF
• Fixed Internet Explorer compatibility issues with textarea.js
• Corrected form validation in user login process
• Resolved race condition in block handling

Migration Guide

No specific migration steps are required for this update. This is a maintenance release that fixes bugs and improves security without introducing breaking changes.

To update:

1. Back up your database and site files
2. Replace your existing Drupal core files with the 4.7.7 release
3. Run the update script by visiting update.php in your browser

No database schema changes are included in this release.

Upgrade Recommendations

All sites running Drupal 4.7.x should upgrade to this release as soon as possible. The fixes for email delivery, form validation, and Internet Explorer compatibility address important functionality issues that could affect site operations.

This is a maintenance release with no breaking changes, making it a low-risk upgrade that improves stability and security.

Bug Fixes

• Registration Form Display: Fixed issue where new profile fields added to registration form were incorrectly displaying above Account Information (#114103)
• Node Preview: Resolved bug where new attachments were not shown in node preview (#68690)
• JavaScript Array Handling: Fixed issue where drupal_to_js() was incorrectly converting empty arrays to objects (#121876)
• Block Handling: Fixed and then reverted a patch for race condition in _block_rehash() (#80963)
• Login Validation: Corrected improper use of form_set_error() in user_login_validate() (#133865)
• Comment Logging: Fixed issue causing duplicate comment entries in watchdog logs (#130215, #60664)
• Internet Explorer Compatibility: Resolved compatibility issues with textarea.js in Internet Explorer (#101305)
• HTML Output: Fixed issue where check_plain('') incorrectly returns </p> (#103079)
• URL Encoding: Fixed edge cases in Drupal.encodeURIComponent() and drupal_urlencode() functions (#158687)

New Features

No new features were added in this maintenance release. Drupal 4.7.7 focuses exclusively on bug fixes, security improvements, and documentation updates.

Security Updates

• Email Delivery: Improved email headers to prevent Drupal-generated emails from being flagged as spam by SPF (Sender Policy Framework) checks (#133789)

Performance Improvements

• Rate Limiting: Added limit to wget to run only once per second to prevent server overload (#150972)

Impact Summary

Drupal 4.7.7 is a maintenance release that addresses several important bugs and security concerns without introducing new features. The fixes improve site stability, user experience, and security.

Key impacts include:

1. Improved Email Deliverability: The fix for SPF compatibility helps ensure site emails reach users rather than being marked as spam.

2. Better Browser Compatibility: Fixes for Internet Explorer compatibility issues with textareas improve the editing experience for users on that browser.

3. Enhanced User Experience: Corrections to the registration form layout, login validation, and node preview functionality provide a more consistent and reliable user experience.

4. Increased Stability: Fixes for race conditions and proper handling of JavaScript arrays and URL encoding edge cases improve overall site stability.

This release demonstrates Drupal's commitment to maintaining stable, secure software through regular maintenance updates.