Drupal Release: 5.11

TL;DR

Drupal 5.11 is a maintenance release that addresses several important bugs and security issues. It fixes problems with SSL cookies, PostgreSQL installation, URL handling, and improves module functionality. This update focuses on stability and security rather than introducing new features.

Highlight of the Release

• Fixed SSL cookie handling to prevent non-SSL cookies from overwriting secure cookies
• Improved PostgreSQL installation and update process
• Fixed poll module to prevent data loss when poll options are removed
• Added ability to clear XML-RPC error cache for multiple queries in one request
• Fixed directory scanning to properly handle directories named '0'

Migration Guide

No specific migration steps are required for this maintenance release. Standard update procedures apply:

1. Back up your database and site files before updating
2. Replace all core files and directories except for the sites directory
3. Run the update script by visiting update.php in your browser
4. Clear caches after the update is complete

No database schema changes or API modifications that would require code changes in custom modules are included in this release.

Upgrade Recommendations

This is a recommended security and bug fix release for all Drupal 5.x sites. All site administrators should upgrade to Drupal 5.11 as soon as possible, especially if you:

• Use PostgreSQL as your database
• Rely on SSL for secure user sessions
• Use the poll module extensively
• Have modules installed outside the standard modules directory
• Make use of XML-RPC functionality

The update addresses several important security issues and bug fixes that could affect site stability and security.

Bug Fixes

• SSL Cookie Handling: Fixed an issue where non-SSL cookies could overwrite SSL cookies, potentially causing security problems (#170310)
• PostgreSQL Support: Fixed installation and update issues specific to PostgreSQL databases (#296096)
• Update System: Ensured updates are executed in numeric order rather than definition order for more reliable system updates (#246143)
• Directory Scanning: Fixed file_scan_directory() function to properly scan directories named '0', which were previously ignored (#230932)
• XML-RPC Functionality: Added xmlrpc_clear_error() function to clear the XML-RPC error cache, enabling multiple queries in a single request (#208270)
• Poll Module: Fixed data loss bug in poll module by moving votes with poll options when an option is removed instead of dropping all old votes (#67895)
• Module Requirements: Fixed hook_requirements('install') to work correctly for modules not located in the main './modules' folder (#312730)
• URI Mail Token: Fixed the uri_brief mail token to properly support https URLs (#265899)
• HTTP Status Codes: Corrected HTTP status code returned for failed connections (#298535)
• User Authentication: Fixed user authentication from external sources for existing users (#283026)

New Features

No significant new features were introduced in this maintenance release. Drupal 5.11 focuses on bug fixes, security improvements, and compatibility enhancements to the existing functionality.

Security Updates

• SSL Cookie Protection: Fixed an issue where non-SSL cookies could overwrite SSL cookies, potentially exposing secure session data (#170310)
• XSS Prevention: Enhanced security by disallowing the param HTML tag in filter_xss_admin(), which is only meaningful inside the already disallowed object tag, preventing potential XSS vulnerabilities (#280621)
• Authentication Security: Improved user authentication from external sources for existing users (#283026)

Performance Improvements

No specific performance improvements were highlighted in this release. The focus was primarily on bug fixes and security enhancements rather than performance optimizations.

Impact Summary

Drupal 5.11 is primarily a maintenance release that addresses several important bugs and security issues without introducing new features. The most significant improvements include fixing SSL cookie handling to prevent security vulnerabilities, resolving PostgreSQL installation and update issues, preventing data loss in the poll module, and improving module compatibility for non-standard installations.

For site administrators, this update provides important security enhancements and fixes that improve site stability. Developers will benefit from fixes to core functions like XML-RPC handling and directory scanning. Content editors using polls will no longer experience data loss when modifying poll options.

While this release doesn't introduce new functionality, it strengthens the foundation of Drupal 5.x by addressing several long-standing issues and improving compatibility across different server configurations.