Drupal Release: 6.38
Tag Name: 6.38
Release Date: 2/24/2016
Drupal: Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.
TL;DR
Drupal 6.38 is a security-focused release that addresses critical vulnerabilities (SA-CORE-2016-001) and includes documentation improvements. This update is essential for all Drupal 6 sites to protect against potential security exploits. While Drupal 6 is no longer officially supported, this release provides crucial security patches for sites that haven't yet migrated to newer versions.
Highlights of the Release
- Critical security update (SA-CORE-2016-001) addressing vulnerabilities in Drupal 6
- Documentation improvements for several core functions including drupal_goto() and watchdog()
- Fixed broken links in robots.txt file and related documentation
- Minor formatting improvements to CHANGELOG.txt
Migration Guide
No specific migration guide is provided for this release as it contains security fixes and documentation improvements that don't require migration steps.
However, it's important to note that Drupal 6 reached end-of-life status in February 2016. Site owners should be planning migration to Drupal 7 or preferably Drupal 8/9 as soon as possible, as security support for Drupal 6 is now limited to critical vulnerabilities only, and even that extended support may not continue indefinitely.
Upgrade Recommendations
Immediate upgrade strongly recommended for all Drupal 6 sites.
This release contains critical security fixes (SA-CORE-2016-001) that protect your site from potential vulnerabilities. All Drupal 6 site owners should update to version 6.38 as soon as possible, even though Drupal 6 is no longer officially supported.
Long-term recommendation: Since Drupal 6 reached end-of-life status in February 2016, site owners should prioritize migration to a supported Drupal version (7, 8, or 9) to ensure continued security updates and support.
Bug Fixes
- Fixed broken link in robots.txt syntax checking documentation (Issue #2276469)
- Fixed broken link in robots.txt file (Issue #2290435)
- Corrected instances of "the the" to "the" in documentation (Issue #2417983)
- Improved CHANGELOG.txt formatting (Issue #2499823)
New Features
No new features were added in this release. Drupal 6.38 is primarily a security update with documentation improvements.
Security Updates
This release includes critical security fixes identified as SA-CORE-2016-001. While specific details about the vulnerabilities are not provided in the commit messages (as is standard practice for security issues), the update addresses important security concerns that could potentially be exploited on Drupal 6 sites.
The security update was contributed by a large team of Drupal security experts including agerard, Alan Evans, benjy, catch, chx, dalin, Damien Tournoud, DamienMcKenna, Dave Cohen, Dave Reid, David Jardin, David_Rothstein, dmitrig01, dsnopek, effulgentsia, fgm, greggles, Gábor Hojtsy, Harry Taheem, Heine, John Morahan, Juho Nurminen 2NS, klausi, larowlan, nagba, Pere Orga, plach, pwolanin, quicksketch, rickmanelius, scor, sun, Tarpinder Grewal, and YesCT.
Performance Improvements
No specific performance improvements were included in this release. The focus was on security fixes and documentation updates.
Impact Summary
Drupal 6.38 is primarily a security release addressing critical vulnerabilities through SA-CORE-2016-001. While the specific nature of these vulnerabilities isn't detailed in the commit messages (standard practice for security issues), the update is essential for all Drupal 6 sites.
The release also includes several documentation improvements: fixes to broken links in robots.txt, clarification of character limits and error levels in the watchdog() function, improved documentation for the drupal_goto() and db_add_field() functions, and minor text corrections throughout the codebase.
It's important to note that this release comes after Drupal 6's official end-of-life date (February 2016), representing continued limited security support for sites that haven't yet migrated to newer Drupal versions. Site owners should view this as an essential security update while simultaneously planning migration to supported Drupal versions.
Users Affected:
- Need to update their Drupal 6 installations immediately to address security vulnerabilities
- Should consider migration plans to newer Drupal versions as Drupal 6 is no longer officially supported
