Drupal Release: 5.18

TL;DR

Drupal 5.18 is a maintenance release that addresses several minor bugs and security hardening issues. It includes fixes for admin module display, email header handling, code cleanup, and documentation improvements. This release is important for maintaining the stability and security of Drupal 5.x sites, though the changes are relatively minor in scope.

Highlight of the Release

• Partial rollback of security hardening measures from SA-CORE-2009-003
• Fixed admin modules display with added clear-block styling
• Improved email header handling by removing redundant Reply-to headers
• Code cleanup and documentation improvements

Migration Guide

No migration guide is necessary for this release as it contains minor bug fixes and improvements that don't require specific migration steps. Users can upgrade directly from Drupal 5.17 to 5.18 without special considerations.

Upgrade Recommendations

This is a maintenance release containing bug fixes and minor improvements. While the changes are not critical for all sites, upgrading is recommended to ensure you have the latest fixes and adjustments to previous security hardening measures.

Priority: Medium Difficulty: Low - This is a minor update with minimal changes

For sites currently running Drupal 5.17, upgrading to 5.18 should be straightforward and low-risk. As always, it's recommended to:

1. Back up your database and files before upgrading
2. Test the upgrade on a staging environment if possible
3. Review the changes, particularly if you were affected by SA-CORE-2009-003

Bug Fixes

• Admin Modules Display: Added missing clear-block styling to admin modules page, fixing layout issues (#305544)
• Email Header Handling: Removed unnecessary duplication of the From header value in Reply-to headers, as standards indicate setting the From header should be sufficient (#330084)
• Code Cleanup: Removed unnecessary PHP closing tag ?> to prevent potential whitespace issues (#267305)
• Security Hardening: Partial rollback of SA-CORE-2009-003 security hardening that may have caused unintended side effects (#396224)

New Features

No significant new features were added in this maintenance release. Drupal 5.18 focuses on bug fixes, security adjustments, and code improvements rather than introducing new functionality.

Security Updates

Security Adjustments

The release includes a partial rollback of security hardening measures from SA-CORE-2009-003 (#396224). While this is technically a modification to a previous security fix, it appears to address unintended consequences of the original security hardening rather than fixing a new vulnerability. Site administrators should review this change if they were specifically relying on behaviors introduced in SA-CORE-2009-003.

Performance Improvements

No specific performance improvements were mentioned in the release notes. This release appears to focus on bug fixes, security adjustments, and code improvements rather than performance enhancements.

Impact Summary

Drupal 5.18 is a minor maintenance release that addresses several small but important issues in the Drupal 5.x branch. The changes include fixing display issues in the admin modules section, improving email header handling, cleaning up code by removing unnecessary PHP closing tags, and adjusting previous security hardening measures.

While none of these changes dramatically alter functionality, they contribute to a more stable, secure, and standards-compliant Drupal installation. The email header changes improve compliance with email standards, and the partial rollback of security hardening measures addresses potential issues that may have arisen from the previous security update.

This release demonstrates Drupal's commitment to maintaining older branches with necessary fixes while the community continues to develop newer major versions. For sites still running on Drupal 5.x, this update is worth applying to ensure continued stability and security.