HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

6.10

Drupal Release: 6.10

Tag Name: 6.10

Release Date: 2/25/2009

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 6.10: Security and Bug Fix Release

This release addresses a critical security vulnerability (SA-CORE-2009-003) and includes numerous bug fixes across core modules. Key improvements include fixes for menu translation, locale module installation, memory handling, and accessibility enhancements. This maintenance release focuses on stability and security rather than introducing new features.

Highlight of the Release

    • Critical security fix (SA-CORE-2009-003)
    • Fixed menu translation issues that were blocking Drupal.org upgrades
    • Improved accessibility with proper 'for' attributes on form labels
    • Increased free tagging field maximum length to 1024 characters
    • Better handling of language-specific URL aliases

Migration Guide

No specific migration steps are required for this maintenance release. This is a standard update that fixes bugs and security issues without introducing breaking changes.

To update to Drupal 6.10:

  1. Back up your database and site files
  2. Put your site into maintenance mode
  3. Replace your existing Drupal core files with the new Drupal 6.10 files, being careful not to overwrite any customizations or contributed modules
  4. Run the update script by navigating to update.php in your browser
  5. Take your site out of maintenance mode

As always, test the update on a development or staging environment before applying to your production site.

Upgrade Recommendations

Priority: Critical

All Drupal 6 sites should upgrade to version 6.10 immediately due to the included security fix (SA-CORE-2009-003). This is a maintenance release that focuses on bug fixes and security improvements without introducing breaking changes, making it a low-risk update with high security benefits.

Sites experiencing any of the specific issues addressed in this release (menu translation problems, locale module installation issues, or PostgreSQL compatibility concerns) will see immediate benefits from upgrading.

The update process follows the standard Drupal core update procedure and should not require any special handling or post-update configuration changes.

Bug Fixes

Menu System

  • Fixed _menu_translate() to prevent returning FALSE before to_arg is available, resolving a Drupal.org upgrade blocker
  • Prevented overwriting local variables in menu_enable() by properly handling the link argument passed by reference to menu_link_save()
  • Fixed handling of menu item descriptions during Drupal 5 to Drupal 6 upgrades
  • Improved menu item submission handling by passing items by reference in menu_nodeapi()

Multilingual Support

  • Optimized locale module installation by skipping empty variable addition when not needed
  • Fixed language handling for links with active class, ensuring proper language detection
  • Improved handling of URL aliases with language specifications by extending the index on the url_alias table

Node System

  • Fixed node_feed() to use the same API functions as node_view(), ensuring custom fields appear in output
  • Set node format to 0 in node_submit() when body is turned off to avoid notices
  • Prevented empty anchor tags in search index output

Performance & Caching

  • Improved static caching in module_list() by setting to NULL instead of using unset()
  • Removed static caching of clean URLs setting in url() to help automated tests
  • Disabled page cache for drupal.sh requests

Forms & Accessibility

  • Added 'for' attribute to label tags on checkboxes and radio buttons for accessibility
  • Fixed handling of disabled checkboxes to properly receive default values
  • Increased free tagging field maximum length to 1024 characters

System

  • Fixed incorrect memory shortage warning when memory limit is unlimited
  • Enhanced phpinfo page to provide more comprehensive system information
  • Fixed table aliasing in UPDATE query in system_update_6001() for PostgreSQL compatibility
  • Moved LANGUAGE_* constants to bootstrap.inc for consistent availability

Other

  • Fixed tracking/limiting of recursive invocations in actions_do()
  • Corrected documentation error in database.inc regarding 'unique keys'
  • Fixed double escaping of usernames in blog.module
  • Added missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms()

New Features

No significant new features were introduced in this maintenance release. Drupal 6.10 focuses on security fixes and bug corrections to improve stability and performance of existing functionality.

Security Updates

This release includes a critical security fix:

  • SA-CORE-2009-003: Fixed a security vulnerability identified and patched by Heine and bjaspan. This is a critical security update that all Drupal 6 site administrators should apply immediately.

While specific details about the vulnerability are not provided in the commit messages (as is standard practice for security issues), the fix is included in this release and addresses a significant security concern.

Performance Improvements

  • Improved Static Caching: Modified module_list() to set its static variable to NULL instead of using unset(), preventing retention of values and improving memory management.

  • URL Alias Performance: Enhanced the database index on the url_alias table to include the language column, optimizing queries that filter on both source and language.

  • Caching Optimization: Disabled page cache for drupal.sh requests, preventing unnecessary cache operations for these special requests.

  • Memory Handling: Improved detection and reporting of memory conditions, with better handling when memory limit is set to unlimited.

  • Recursive Action Handling: Optimized the tracking and limiting of recursive invocations of actions_do(), improving performance when multiple actions are triggered.

Impact Summary

Drupal 6.10 is primarily a security and bug fix release that addresses a critical security vulnerability (SA-CORE-2009-003) along with numerous bugs across core modules. The impact is largely positive, improving system stability, fixing edge cases, and enhancing compatibility.

The security fix alone makes this an essential update for all Drupal 6 sites. Beyond security, the release resolves several long-standing issues with the menu system, improves multilingual support, enhances accessibility, and fixes database compatibility issues with PostgreSQL.

For developers, the improvements to reference handling in menu functions and better static caching behavior will lead to more predictable code behavior. Content editors benefit from increased tagging field length and better handling of custom fields in feeds.

Site administrators will appreciate the improved system information page and better memory handling. The fixes for URL aliases with language specifications will particularly benefit multilingual sites.

Overall, this release represents an important maintenance update that strengthens Drupal 6's security and reliability without introducing breaking changes or requiring significant adaptation from users.

Statistics:

File Changed26
Line Additions122
Line Deletions70
Line Changes192
Total Commits28

User Affected:

  • Critical security vulnerability fix (SA-CORE-2009-003) requires immediate attention
  • Improved memory handling with better error messages for memory shortage conditions
  • More comprehensive phpinfo page for better system diagnostics

Contributors:

gobadbuytaert