Drupal Release: 5.5

Tag Name: 5.5

Release Date: 12/6/2007

Drupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

TL;DR

Drupal 5.5 is a minor security and bug fix release that addresses critical issues in database queries and user administration. This update fixes the incorrect argument order in the db_query_range() function and the missing brackets around table names in the user administration interface. While small in scope, these fixes are important for maintaining site security and proper functionality.

Highlight of the Release

    • Fixed security vulnerability in database query range function
    • Corrected missing brackets around table names in user administration
    • Improved overall system stability and security

Migration Guide

No migration steps are required for this update. This is a straightforward bug fix release that can be applied directly without any special migration procedures or considerations.

Upgrade Recommendations

It is strongly recommended that all Drupal 5.x sites update to version 5.5 as soon as possible. The security fix for the database query function is particularly important as it corrects an issue introduced in a previous security update.

The update process should be straightforward:

  1. Back up your database and files
  2. Replace your existing Drupal core files with the 5.5 release
  3. Run the update script by visiting update.php in your browser

No database schema changes are included in this release, so the update should be quick and low-risk.

Bug Fixes

  • Fixed argument order in db_query_range() - Corrected the order of arguments in the db_query_range() function that was incorrectly modified in a recent security update. This fix ensures proper database query execution and prevents potential errors. (#198321)

  • Added missing brackets around table names - Fixed missing brackets around table names in user.admin.inc, which could cause SQL syntax errors in certain configurations. This ensures proper SQL query formation when managing users through the administration interface. (#194859)

  • Minor capitalization corrections - Fixed inconsistent capitalization in various parts of the system.
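The missing-brackets fix above can be checked for in custom modules with a small audit script. This is an added example, not code from Drupal or from this release: it assumes Drupal's convention of writing table names as `{name}` so that a configured table prefix can be applied, and the sample queries, the `site1_` prefix and the function names are constructed for illustration.

```python
import re

# A table reference: keyword, optional '{', identifier, optional '}'.
# Heuristic: covers FROM/JOIN/INTO/UPDATE followed by a single table name,
# not comma-separated table lists or keywords inside string literals.
TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE)\s+(\{?)([A-Za-z_][A-Za-z0-9_]*)(\}?)",
    re.IGNORECASE,
)

# Constructed sample queries (not the actual query changed in this release).
GOOD = ("SELECT u.uid, u.name FROM {users} u "
        "LEFT JOIN {users_roles} ur ON u.uid = ur.uid WHERE u.uid != 0")
BAD = ("SELECT u.uid, u.name FROM {users} u "
       "LEFT JOIN users_roles ur ON u.uid = ur.uid WHERE u.uid != 0")


def unbraced_tables(sql):
    """Return table names in sql that are not wrapped in {curly braces}."""
    return [name for lbrace, name, rbrace in TABLE_REF.findall(sql)
            if not (lbrace and rbrace)]


def apply_prefix(sql, prefix):
    """Simplified model of table prefixing: '{name}' becomes prefix + name."""
    return sql.replace("{", prefix).replace("}", "")


def audit(queries, prefix):
    """Map each query label to (unbraced tables, query after prefixing)."""
    return {label: (unbraced_tables(sql), apply_prefix(sql, prefix))
            for label, sql in queries.items()}


if __name__ == "__main__":
    report = audit({"good": GOOD, "bad": BAD}, prefix="site1_")
    for label, (missing, rewritten) in report.items():
        status = "OK" if not missing else "UNBRACED: " + ", ".join(missing)
        print(f"{label}: {status}\n    {rewritten}")
```

In the flagged query the unbraced name passes through unprefixed, so on a site configured with a table prefix the query targets a different table name than the rest of the statement.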

New Features

No new features were introduced in this release. Drupal 5.5 focuses exclusively on security and bug fixes to maintain system stability and security.

Security Updates

The correction of the argument order in the db_query_range() function addresses a potential security vulnerability introduced in a previous security update. Improper argument ordering in database queries could potentially lead to unexpected behavior or security issues when handling database operations. This fix ensures that database queries are properly formed and executed as intended.

Performance Improvements

No specific performance improvements were included in this release. The focus was on security and bug fixes rather than performance enhancements.

Impact Summary

Drupal 5.5 is a targeted security and bug fix release that addresses specific issues in database query handling and user administration. While limited in scope, these fixes are important for maintaining site security and proper functionality.

The correction to the db_query_range() function fixes a regression introduced in a previous security update, ensuring that database queries are properly formed and executed. This is particularly important for sites that rely on paginated database results.

The fix for missing brackets around table names in user administration prevents potential SQL syntax errors, ensuring that user management functions work correctly across all supported database systems.

Overall, this release improves the stability and security of Drupal 5.x sites without introducing any breaking changes or requiring special migration steps.

Statistics:

  • Files Changed: 4
  • Line Additions: 12
  • Line Deletions: 3
  • Line Changes: 15
  • Total Commits: 5

Users Affected:

  • Fixed issues in the user administration interface that could cause errors
  • Improved security through proper database query handling

Contributors:

drumm