HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

6.9

Drupal Release: 6.9

Tag Name: 6.9

Release Date: 1/14/2009

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 6.9: Maintenance and Bug Fix Release

Drupal 6.9 is primarily a maintenance release that addresses several bugs and improves system stability. Key improvements include fixes to HTTP request handling, language selection for domains, session management, and form handling. This release focuses on enhancing reliability rather than introducing new features, making it an important update for maintaining secure and stable Drupal 6 sites.

Highlight of the Release

    • Improved HTTP request handling to fix issues with interactive authentication and redirects
    • Fixed domain-based language selection to use HTTP_HOST instead of SERVER_NAME
    • Enhanced session security by only regenerating sessions for the current global user
    • Fixed hook_boot() execution on non-cached pages with aggressive caching enabled
    • Improved form handling in various components including comment controls and profile module

Migration Guide

No specific migration steps are required for this maintenance release. As with any Drupal update, it's recommended to:

  1. Back up your database and files before updating
  2. Put your site in maintenance mode
  3. Replace your existing Drupal files with the new version, keeping your sites directory and any custom modifications
  4. Run update.php to apply any database changes
  5. Take your site out of maintenance mode

This release does not introduce any API changes that would require modifications to custom modules or themes.

Upgrade Recommendations

Priority: Medium

This release contains important bug fixes that improve stability and security, particularly for sites using multilingual features, PostgreSQL databases, or those experiencing issues with HTTP request handling.

While there are no critical security fixes announced in this release, the improvements to session handling and HTTP request validation enhance overall security. Sites experiencing any of the specific issues addressed in this release should upgrade promptly.

For most sites, upgrading from Drupal 6.8 to 6.9 should be straightforward with minimal risk, as this is primarily a maintenance release with bug fixes rather than new features or API changes.

Bug Fixes

HTTP Request Handling

  • Fixed issues with HTTP request failure detection that previously caused problems for sites with interactive authentication, redirects, or hosting-added JavaScript (#245990)
  • Improved HTTP request checking to be less intrusive while maintaining security

Form Handling

  • Fixed poll_choice_js to properly use FAPI2 (#331708)
  • Added missing form_state parameter to comment_controls() function (#328977)
  • Fixed profile module selection type to properly handle items on separate lines rather than breaking on commas (#323386)
  • Removed unnecessary unset($edit) from _form_builder_handle_input_element() (#356782)
  • Only adding upload submit handler when the upload form is actually added (#347485)

Multilingual Support

  • Fixed language selection for domains to use HTTP_HOST instead of SERVER_NAME (#262920)
  • Fixed SQL query in locale import that had too many arguments (#353886)
  • Fixed redirect after translation import to go to the correct page (#347228)

Database and Performance

  • Added check to prevent creating global constraints twice in PostgreSQL (#257009)
  • Fixed actions_list() cache reset when running actions_synchronize() (#308526)

Session Management

  • Enhanced security by only regenerating sessions if the user is the current global user (#169937)

Other Fixes

  • Fixed hook_boot() not being called on non-cached pages when aggressive caching was enabled (#323474)
  • Updated LICENSE.txt with the latest version of GPL2 text (#61108)
  • Removed unused $update_node variable from node module (#344052)
  • Improved URL validation in valid_url() function (#124492)
  • Fixed issues when HTTP_HOST is not transmitted (#346285)

New Features

No significant new features were introduced in this maintenance release. Drupal 6.9 focuses on bug fixes and stability improvements to enhance the reliability of existing functionality.

Security Updates

Security Improvements

  • Session Management: Enhanced security by only regenerating sessions if the user is the current global user (#169937), which helps prevent potential session-related vulnerabilities.

  • HTTP Request Handling: Improved the security of HTTP request checking while making it less intrusive (#245990), providing better protection against certain types of attacks while maintaining compatibility with various hosting environments.

  • URL Validation: More accurate checking for valid URLs in the valid_url() function (#124492) helps prevent potential security issues related to URL handling.

While not explicitly labeled as security fixes, these improvements help maintain the overall security posture of Drupal 6 installations.

Performance Improvements

  • Optimized HTTP Request Handling: The improvements to HTTP request checking make the process less intrusive while maintaining security, potentially reducing overhead for certain types of requests.

  • Session Management: The fix to only regenerate sessions when necessary (for the current global user) reduces unnecessary processing and improves performance for sites with many concurrent users.

  • Actions Cache Management: Properly resetting the actions_list() cache on actions_synchronize() prevents stale cache issues that could affect performance.

  • Hook Execution: Fixed hook_boot() execution on non-cached pages with aggressive caching enabled, ensuring proper initialization without performance penalties.

Impact Summary

Drupal 6.9 is a maintenance release that focuses on fixing bugs and improving system stability rather than introducing new features. The most significant improvements address HTTP request handling, language selection for multilingual sites, form handling, and session management.

The HTTP request handling fixes are particularly important as they resolve issues that affected sites with interactive authentication, redirects, or hosting-added JavaScript. This makes Drupal more compatible with various hosting environments and authentication systems.

For multilingual sites, the improvements to domain-based language selection and locale import functionality enhance reliability. Developers will benefit from fixes to PostgreSQL constraint handling, form API improvements, and better URL validation.

The session management enhancement improves security by only regenerating sessions when necessary, while the fix for hook_boot() execution ensures proper initialization of non-cached pages when aggressive caching is enabled.

Overall, while not introducing flashy new features, this release significantly improves the reliability and security of Drupal 6 installations, making it an important update for maintaining stable sites.

Statistics:

File Changed44
Line Additions661
Line Deletions629
Line Changes1,290
Total Commits23

User Affected:

  • Improved HTTP request handling reduces issues with interactive authentication and redirects
  • Better language selection for domain-based multilingual sites
  • Fixed redirect issues in translation interface
  • More reliable session management

Contributors:

gobadbuytaert