Drupal

Drupal can be set up and ready to use in minutes, because it provides an easy to use installer.

Even if it can power a small personal site, Drupal is at its best when used in medium to large installations.

Features:

• Themes
• Modules
• Extended online help
• Easy to customize
• Graphic installer
• Role based permission system
• Built-in search engine
• Easy user authentication
• Polls
• Template manager
• Threaded comments
• Version control
• Blogger API support
• Content syndication
• News aggregator
• Permalinks
• Cross-platform supported
• Database independence
• Multi-language
• Analysis, tracking and statistics
• Logging and reporting
• Web based administration
• Caching
• Admin panel access
• Collaborative work
• Friendly URLs

What is new in this release:

• Fixed:
• Multiple Vulnerabilities - SA-CORE-2014-006

What is new in version 7.33:

• Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
• Added a "theme_hook_original" variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (API addition).
• Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
• Added a "Did you mean?" feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
• Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
• Added a "block_cache_bypass_node_grants" variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
• Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
• Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
• Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field's data when the field configuration was edited.
• Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situatons (minor styling change).
• Prevented the Bartik theme from lower-casing the "Permalink" link on comments, for improved multilingual support (minor UI change).
• Added a "preferred_menu_links" tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
• Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
• Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
• Security improvement: Made the database API's orderBy() method sanitize the sort direction ("ASC" or "DESC") for queries built with db_select(), so that calling code does not have to.
• Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
• Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
• Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
• Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
• Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change).
• Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).

What is new in version 7.32:

• This release fixes security vulnerabilities.

What is new in version 7.31 / 6.33:

• Drupal 7.31 and Drupal 6.33, maintenance releases which contain fixes for security vulnerabilities.

What is new in version 7.30:

• Fixed a regression introduced in Drupal 7.29 that caused files or images attached to taxonomy terms to be deleted when the taxonomy term was edited and resaved (and other related bugs with contributed and custom modules.
• Added a warning on the permissions page to recommend restricting access to the "View site reports" permission to trusted administrators.

What is new in version 7.29 / 6.32:

• Drupal 7.29 and 6.32 were released in response to the discovery of security vulnerabilities.

What is new in version 7.28:

• Fixed the behavior of the token system's "[node:summary]" token when the body field does not have a manual summary.
• Changed the behavior of db_query_temporary() so that it works on SELECT queries even when they have leading comments/whitespace. A side effect of this fix is that db_query_temporary() will now fail with an error if it is ever used on non-SELECT queries.
• Added a "node_admin_filter" tag to the database query used to build the list of nodes on the content administration page, to make it easier to alter.
• Made the cron queue system log any exceptions that are thrown while an item in the queue is being processed, rather than stopping the entire PHP request.
• Improved screen reader support by adding an aria-live HTML attribute to file upload fields when there is an error uploading the file (minor markup change).
• Made the pager on the Tracker module listing pages show the same number of items as other pagers throughout Drupal core (minor UI change).
• Fixed a bug which caused caches not to be properly cleared when a file entity was saved or deleted.
• Added several missing countries to the default list returned by country_get_list() (string change).
• Replaced the term "weight" with "influence" in the content ranking settings for search, and added help text for administrators (string change).
• Fixed untranslatable text strings in the administrative interface for the "Crop" effect provided by the Image module (minor string change).
• Fixed a bug in the Taxonomy module update function introduced in Drupal 7.26 that caused memory and CPU problems on sites with very large numbers of unpublished nodes.

What is new in version 7.27 / 6.31:

• Drupal 7.27 and Drupal 6.31 are maintenance releases which contain fixes for security vulnerabilities.

What is new in version 7.26 / 6.30:

• Drupal 7.26 and Drupal 6.30 are maintenance releases which contain fixes for security vulnerabilities.

What is new in version 7.25:

• Fixed a bug in node_save() which prevented the saved node from being updated in hook_node_insert() and other similar hooks.
• Added a meta tag to install.php to prevent it from being indexed by search engines even when Drupal is installed in a subfolder (minor markup change).
• Fixed a bug in the database API that caused frequent deadlock errors when running merge queries on some servers.
• Performance improvement: Prevented block rehashing from writing blocks to the database on every cache clear and cron run when the blocks have not changed. This fix results in an extra 'saved' key which is added and set to TRUE for each block returned by _block_rehash() that actually is saved to the database (data structure change).
• Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow queues to avoid being automatically processed on cron runs (API addition).
• Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be invoked if the block delta had a hyphen in it. To implement the hook when the block delta has a hyphen, modules should now replace hyphens with underscores when constructing the function name for the hook implementation.
• Fixed a bug which caused cached pages to sometimes be sent to the browser with incorrect compression. The fix adds a new 'page_compressed' key to the $cache->data array returned by drupal_page_get_cache() (minor data structure change).
• Fixed broken tests on PHP 5.5.
• Made the File and Image modules more robust when saving entities that have deleted files attached. The code in file_field_presave() will now remove the record of the deleted file from the entity before saving (minor data structure change).
• Standardized menu callback functions throughout Drupal core to return MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page not found" or "access denied" pages (minor API change in the return value of these functions under some circumstances).
• Fixed a bug in which caches were not properly cleared when a node was deleted via the administrative interface.
• Changed the Bartik theme to render content contained in <pre>, <code> and similar tags in a larger font size, so it is easier to read.
• Fixed a bug in the Search module that caused exceptions to be thrown during searches if the server was not configured to represent decimal points as a period.
• Fixed a regression in the Image module that made image_style_url() not work when a relative path (rather than a complete file URI) was passed to it.
• Added a link to the drupal.org documentation page for cron to the Cron settings page (string change).
• Added a 'drupal_anonymous_user_object' variable to allow the anonymous user object returned by drupal_anonymous_user() to be overridden with a classed object (API addition).
• Changed the database API to allow inserts based on a SELECT * query to work correctly.
• Changed the database schema of the {file_managed} table to allow Drupal to manage files larger than 4 GB.
• Changed the File module's hook_field_load() implementation to prevent file entity properties which have the same name as file or image field properties from overwriting the field properties (minor API change).

What is new in version 7.24 / 6.29:

• Drupal 7.24 and 6.29 were released in response to the discovery of security vulnerabilities.

What is new in version 7.23:

• Includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

What is new in version 7.22:

• An improvement to the default rewrite rules to help avoid man-in-the-middle attacks on sites which are accessed over HTTP and HTTPS.
• A change to the list of file extensions which are blocked by .htaccess, to prevent temporary files created by text editors from being accessed.

What is new in version 7.21:

• Allow sites using the 'image_allow_insecure_derivatives' variable to have partial protection from the security issues fixed in Drupal 7.20.

What is new in version 7.20:

• Drupal 7.20 was released in response to the discovery of security vulnerabilities.

What is new in version 7.19 / 6.28:

• Drupal 7.19 and 6.28 were released in response to the discovery of security vulnerabilities.

What is new in version 7.18:

• Security fix:
• A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users.
• Arbitrary PHP code execution.

What is new in version 7.17:

• Fixed a bug which made database queries running a "LIKE" query on blob fields fail on PostgreSQL databases. This caused errors during the Drupal 6 to Drupal 7 upgrade.
• Changed the hook_menu() entry for Drupal's rss.xml page to prevent extra path components from being accidentally passed to the page callback function (data structure change).
• Removed a non-standard "name" attribute from Drupal's default Content-Type header for file downloads.
• Fixed the theme settings form to properly clean up submitted values in $form_state['values'] when the form is submitted (data structure change).
• Fixed an inconsistency by removing the colon from the end of the label on multi-valued form fields (minor string change).
• Added support for 'weight' in hook_field_widget_info() to allow modules to control the order in which widgets are displayed in the Field UI.
• Updated various tables in the OpenID and Book modules to use the default "empty table" text pattern (string change).
• Added proxy server support to drupal_http_request().
• Added "lang" attributes to language links, to better support screen readers.
• Fixed double occurrence of a "ul" HTML tag on secondary local tasks in the Seven theme (markup change).
• Fixed bugs which caused taxonomy vocabulary and shortcut set titles to be double-escaped. The fix replaces the taxonomy vocabulary overview page and "Edit shortcuts" menu items' title callback entries in hook_menu() with new functions that do not escape HTML characters (data structure change).
• Modified the Update manager module to allow drupal.org to collect usage statistics for individual modules and themes, rather than only for entire projects.
• Modified the node listing database query on Drupal's default front page to add table aliases for better query altering (this is a data structure change affecting code which implements hook_query_alter() on this query).
• Improved the translatability of the "Field type(s) in use" message on the modules page (admin-facing string change).
• Fixed a regression which caused a "call to undefined function drupal_find_base_themes()" fatal error under rare circumstances.
• Numerous API documentation improvements.
• Additional automated test coverage.

What is new in version 7.15:

• Introduced a 'user_password_reset_timeout' variable to allow the 24-hour expiration for user password reset links to be adjusted (API addition).
• Fixed database errors due to ambiguous column names that occurred when EntityFieldQuery was used in certain situations.
• Changed the drupal_array_get_nested_value() function to return a reference (API addition).
• Changed the System module's hook_block_info() implementation to assign the "Main page content" and "System help" blocks to appropriate regions by default and prevent error messages on the block administration page (data structure change).
• Fixed regression: Non-node entities couldn't be accessed with EntityFieldQuery.
• Fixed regression: Optional radio buttons with an empty, non-NULL default value led to an illegal choice error when none were selected.

What is new in version 6.2.6:

• Use the right JSON MIME type in drupal_json().
• Fixed phpdoc for system_settings_overview().
• When drupal_execute()ing multiple forms with same form_id in a page request, only the first one was validated.
• Link in update.php instructions was pointing to an outdated handbook page. Update it.
• Plural formula information was blanked when importing a poorly-formed .po file.
• OpenID realm should not be language dependent.
• Tabledrag.js should not use for...in to iterate over an array.
• Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails with PCRE 8.30.
• Improved theme_links() documentation.
• Improved db_query_temporary() documentation to apply even if persistent database connections are used.
• Better return value documentation for db_query().
• Minor documentation fix in the batch_set() docs.
• Expanded drupal_goto() documentation for query argument.
• Documentation cleanup for _user_mail_notify().

What is new in version 6.25:

• Rollback for issue #12274 given that it does not consider email domain names with hyphens valid after the first component of the domain name.
• Fixed duplicate entry of theme primary key in system table on Drupal 6.24 when updating using drush.
• Fixed 'Call to undefined function locale_inc_callback()' during 6.22 -> 6.24 upgrade if locale module was previously enabled but is not currently enabled.

What is new in version 8.x-dev:

• This is a development snapshot release for the 8.x series. This is not stable, and production sites should not run this code.

What is new in version 7.12 / 6.24:

• Maintenance releases which fix security vulnerabilities.

What is new in version 7.10:

• Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
• Reduce memory usage of theme registry (performance).
• Fixed PECL upload progress bar for FileField
• Fixed running update.php doesn't always clear the cache.
• Fixed PDO exceptions on long titles.
• Fixed Overlay redirect does not include query string.
• Fixed D6 modules satisfy D7 module dependencies.
• Fixed the ordering of module hooks when using module_implements_alter().
• Fixed "floating" submit buttons during AJAX requests.
• Fixed timezone selected on install not propogating to admin account.
• Added msgctx context to JS translation functions, for feature parity with t().
• Profiles' .install files now available during hook_install_tasks().
• Added test coverage of 7.0 -> 7.x upgrade path.
• Numerous notice fixes.
• Numerous documentation improvements.
• Additional automated test coverage.

What is new in version 7.9:

• Fixed files getting lost when adding multiple files to multiple file fields at the same time.
• Improved usability of the clean URL test screens.
• Restored height/width attributes on images run through the theme system.
• Fixed usability bug with first password field being pre-filled by certain browser plugins.
• Fixed file_usage_list() so that it can return more than one result.
• Fixed bug preventing preview of private images on node form.
• Fixed PDO error when inserting an aggregator title longer than 255 characters.
• Spelled out what TRADITIONAL means in MySQL sql_mode.
• Deprecated "!=" operator for DBTNG; should be "<>".
• Added two new API functions (menu_tree_set_path()/menu_tree_get_path()) were added in order to enable setting the active menu trail for dynamically generated menu paths.
• Added new "fast 404" capability in settings.php to bypass Drupal bootstrap when serving 404 pages for certain file types.
• Added format_string() function which can perform string munging ala the t() function without the overhead of the translation system.
• Numerous #states system fixes.
• Numerous EntityFieldQuery, DBTNG, and SQLite fixes.
• Numerous Shortcut module fixes.
• Numerous language system fixes.
• Numerous token fixes.
• Numerous CSS fixes.
• Numerous upgrade path fixes.
• Numerous minor string fixes.
• Numerous notice fixes.

What is new in version 7.8:

• Minor typo in docs for function menu_link_get_preferred().
• shortcut_set_unassign_user() deletes in the wrong table.
• Fixed Tabledrag doesn't hide columns when the whole table is initially hidden.
• Fixed PHP memory not allowing color scheme change.
• Fixed warning: Invalid argument supplied for foreach() in filter_list_format() (line 675 of /.../modules/filter/filter.module).
• Let Field API fail in a tale-telling way on invalid .
• Fixed Add support to sqlite for char:normal type.
• Fixed role page weight title.
• Fixed variable was removed, but is still being assigned in template_preprocess_maintenance_page().
• Fixed PHP notices when creating menu link '#'.
• Fixed field_default_view() doc has problems.
• Fixed Node access rights doc should mention how to use query tags.
• Fixed theme_pager_link() doc missing 'text' variable.
• Fixed taxonomy_check_vocabulary_hierarchy() doc lacks return value.
• Fixed drupal_add_css() support for stream wrappers not documented.
• Fixed Batch operations example needs redirect.
• Fixed taxonomy_vocabulary_save() doc needs more detail.
• Fixed hook_field_extra_fields_alter() functions example code is wrong.
• Fixed taxonomy_get_children() return value doc is not complete.
• Fixed 'Installation failed' errors when installing modules from Update Manager w/ Overlay.
• Fixed Testing does not work at all when locale of host session is not English.
• New users do not know to click on 'Modules' to extend their site.

What is new in version 7.7:

• AJAX now responds to 'click' instead of 'mousedown'. Testing was performed to make sure this doesn't affect major contributed modules, but could cause issues.
• The 'translatable' flag on fields added via the UI now defaults to FALSE, same as fields added via the API do. Contrib modules such as Entity Translation can allow toggling this back for sites that need it. An upgrade path will be included in a future release to bring all legacy fields into compliance.
• Remote streamwrappers are now supported, because of fixes to where drupal_realpath() is called.

What is new in version 7.4:

• Drupal 7.4 fixes issues reported through the bug tracking system.

What is new in version 7.2 / 6.22:

• Drupal 7.2 and 6.22 fixes issues reported through the bug tracking system.
• Upgrading the existing Drupal 7 and 6 sites is strongly recommended.

What is new in version 7.0:

• Fixed can't install projects packed as zip in Update Manager.
• Fixed Radio button values get run through check_plain() twice
• Fix to field_sql_storage_update_7001().
• Add DBTNG support for EXISTS conditions.
• Fixed Fatal error: Call to undefined function language_negotiation_get_switch_links() when using only one language
• Fixed drupal_add_js() documentation makes reference to drupal_add_css()
• Fixed Duplicate comment line for drupal_render_cid_parts()
• Fixed Drupal.ajaxError may itself throw an exception, causing silent 'AJAX Error 0' events
• Fixed Call to undefined function decode_entities IN common.inc
• Fixed Explain in INSTALL.txt that on some servers, the automated settings.php creation isn't expected to work
• Better method of changing to DRUPAL_ROOT.
• Fix table prefixes to prevent random testbot failures.
• Fixed Topics/groups in D7 need cleanup
• Fixed exception handling while downloading/verifying a tarball in update manager.
• Fixed UpdateTestUploadCase->testUploadModule() raises an exception during testing with E_STRICT
• Fixed Update module should verify downloaded tarballs and propagate errors correctly
• Fixed all possible problems with comment links, using new generatePermutations testing function.
• Update to jQuery UI 1.8.7
• Fixed search-block-form.tpl.php refers to ['submit'], which no longer exists
• Fixed Custom #type machine_name 'exists' callbacks cannot access other form elements/values
• Fixed hook_init() example violates what doc says to do
• Upgrade jQuery Form library to 2.52.
• Fixed Update manager doesn't allow you to install a project if it finds a single 'broken' module in it
• Fixed FileTransfer doesn't properly handle any advanced settings nor the ssh username
• Fixed SSH connection class has wrong port in error string.
• Fixed Explain that the Update manager only works if you have FTP or SSH access to your server
• Fixed Update manager should not take you out of maintenance mode unless you asked it to
• Fixed administer comments does not respect node access.
• Fixed warn of PHP memory limit < 64MB for Testing module.
• Improved documentation of hook_date_formats()
• Fixed Overlay title jumps when active
• Add border-radius for IE9 / Opera 10.50
• Fixed Reordering fails with more than 31 book pages in a book
• Fixed Paths containing a hyphen aren't compatible with page theme_hook_suggestions
• Fixed Drupal cannot be installed in a non-predefined language
• Further clean-ups to group topics.
• Fixed _system_date_format_types_build improper use of in_array()
• EVEN better docs for format_date() and friends.
• Remove Dave Reid as update.module maintainer. :(
• Fixed borked Bartik comment layout.
• Fix regex in Updater classes.
• Remove phantom empty column on date settings.
• Fixed authorize.php connection settings form broken (doesn't degrade, pointless fieldset)
• Fixed Move background color from body to #page-wrapper in Bartik
• Fixed search_excerpt() doesn't highlight words that are matched via search_simplify()
• update.php displays misleading messages for modules that return no messages.

What is new in version 7.0 RC4:

• Update results generate a spurious </ul>.
• Fixed Multiple notices from tracker after deleting a node.
• Fixed SelectQuery::countQuery() fails with a group by expression.
• Fixed Always use DRUPAL_ROOT instead of getcwd().
• Document how to add support for non-standard SQL types to hook_schema().
• Fixed Rehashed passwords after Drupal 6 upgrade fail.
• Fixed D6 to D7 upgrade on PostgreSQL stopped cold at update.php.
• Fixed db_change_field() fails to convert int to varchar on PostgreSQL.

What is new in version 6.20:

• Modify robots.txt to give search engine crawlers permission to index content in /sites/*, such as images uploaded to the site
• Theme settings forms were not inherited by sub-themes
• Backport hiding of hidden modules on the modules page, so if projects include hidden modules for testing, those will not confuse users
• Fix minor code documentation typo in menu.inc
• Make syslog identity configurable on the user interface (instead of hardwired to 'drupal')
• Fall back on an empty array if hook_schema is not defined for a module
• Clean up documentation for menu_set_active_trail
• Path argument was not documented on the arg() function
• Minor fix to drupal_add_css() documentation to have correct path example
• Document search_form() return value properly
• Document that drupal_get_path(), drupal_load() and drupal_get_filename() can be used with 'profile' as well
• Copy semaphore site creation to update_fix_d6_requirements() to solve issues upgrading from any version of Drupal 5
• Fix formatting in Schema API documentation lists
• Backport support for newly popular tel: protocol in filter_xss_bad_protocols()
• Document the return value of arg() better
• Document return value of valid_email_address() better
• Fix argument name in code documentation for db_add_field()
• Improve documentation on theme_image()
• Fix notice in cache.inc when $user->cache is not defined
• user_load() can take a uid not just an array; document that properly

What is new in version 7.0 RC1:

• Includes: Aggregator, Bartik, Block, Book, Color, Comment, Content translation, Contextual links, Dashboard, Database logging, Field, Field SQL storage, Field UI, File, Filter, Forum, Help, Image, List, Locale, Menu, Node, Number, Options, Overlay, Path, Profile, RDF, Search, Seven, Shortcut, System, Taxonomy, Text, Toolbar, Tracker, Update manager, User.

What is new in version 7.0 Beta 3:

• Upgrade to jQuery 1.4.4 and jQuery UI 1.8.6.
• Numerous upgrade path fixes.
• Numerous accessibility fixes.
• All critical bugs fixed.

What is new in version 7.0 Beta 2:

• Better error trapping during installation and upgrade for various incompatible systems, based on error reports from folks newly trying out Drupal 7 on various environments. We think we've caught all the ones we have so far, but please keep the reports coming.
• Better support for exportables in the form of a new Form API type "machine_name" and format IDs stored as strings rather than integers.
• Links can now participate in the D7 AJAX framework, which was previously limited to forms.
• Raised minimum version of PHP to PHP 5.2.4, to facilitate stream wrapper security.
• Numerous tweaks to basic navigation in the default profile, to prevent information overload.
• Fixed a regression in Schema API that prevented modules such as Date from adding to the column types supported by core.
• Profile module no longer shows up on the module listing on new sites, in favour of fieldable user entities.
• Fixing of numerous Bartik and Seven theme style & RTL bugs. There are still lots more, so please help get Drupal 7's new look and feel as polished as possible.

What is new in version 7.0 Beta 1:

• We think that we have resolved all critical data loss and security bugs in Drupal 7.
• We think that our APIs are now frozen enough so that contributed module and theme authors can start (or pick up again) their #D7CX pledges.
• We think that we have caught and fixed most of the problems with the upgrade path. We were able to successfully upgrade a copy of the Drupal.org database to Drupal 7.

What is new in version 7.0 Alpha 7:

• HUGE number of upgrade path fixes, including automated tests for updates. We are *very* close to a totally working upgrade path! Please test!
• Great usability improvements, including the installer not greeing you with a red error of death anymore on shared hosts!
• Field UI improvements to allow it to be further extended from contrib.
• Numerous Form API fixes and improvements.
• Numerous accessibility fixes.
• A variety of PostgreSQL and SQLite fixes, almost at 100% automated tests passing on both!
• Lots of polish on coding standards compliance and API documentation.
• Markup improvements, and a new default jQuery UI theme.
• Numerous security fixes, including 'forward-ports' of Drupal core SAs, and fixes to private files.
• Performance improvements.
• There have been several API changes since alpha6 to fix critical issues.

What is new in version 5.23:

• This release fixes security vulnerabilities.

What is new in version 6.19:

• Avoid a PHP notice when a batch is used without JavaScript.
• Locale module import code state machine inconsistency ends up in ignored plural string variants.
• Fix documentation for node_access_acquire_grants() and friends.
• OpenID logins show Access denied after login due to redirection issues.
• Improve documentation of drupal_execute().

What is new in version 7.0 Alpha 6:

• Drupal has a new core theme: Bartik!
• Numerous fixes to the upgrade path, including basic tests. Getting very close! :)
• Numerous important security fixes.
• Numerous accessibility improvements.
• Setting up Private files is now optional, rather than required.
• Registry made more fool-proof and robust.
• Redesign of Field UI "Manage Display" screen, to reflect multiple view modes. Field UI screens are now also extensible from contrib.
• Re-implementation of Overlay without jQuery UI, to address numerous critical issues.
• User creation setting now defaults to "Visitors, with admin approval" for security.
• Installation will no longer fail when settings.php is not present. Nice usability improvement.
• Required modules are once again shown on the modules page.
• Many improvements to input formats and filters.
• Table prefixes are now per-database connection, rather than global.

What is new in version 6.17:

• Fixed PHP 4 incompatibility problem in update module.
• User password request should check name access rules against names, email access rules against emails.
• Prevent the padding in drupalhtml_to_text() from falling below zero.
• Avoid reporting two error messages when feed parse errors occur in aggregator.
• Make form_build_id generation consistent.

What is new in version 7.0 Alpha 5:

• Numerous upgrade path fixes.
• Numerous security path fixes.
• Numerous API documentation additions -- all core hooks are documented now!
• Lots and lots of critical bug fixes.

What is new in version 7.0 Alpha 4:

• Color module now usable by themes other than Garland.
• Usability improvements including re-weightable roles and saner Forum module defaults.
• A variety of optimizations made to data import-related functions to make migrations faster.
• Lots of previously missing documentation for hooks has now been documented. Hooray!
• Increased test coverage, particularly core Tokens.
• Lots of smaller bug fixes, security patches, and improvements.

What is new in version 7.0 Alpha 3:

• Drupal 7 now ships with jQuery 1.4.2 and jQuery UI 1.8.
• API change: AJAX commands are now defined as array('#type' => 'ajax', '#commands' => $output) rather than array('#type' => 'ajax_commands', '#ajax_commands' => $output).
• API change: There is a new form element #type 'text_format', should be used for textareas with format selectors (e.g. body fields).
• page--front.tpl.php works again.
• Bug where IE quits displaying any CSS after 31+ stylesheets now fixed.
• The "Add" link now shows up for blocks. :P
• Now, running drupal_execute() multiple times on forms will validate each time, instead of only the first one.
• UI for translatable fields removed, in favour of contributed module.
• MAINTAINERS.txt now actually approximates the truth.
• Numerous upgrade path fixes.
• Numerous documentation fixes and documentation holes filled.
• Numerous markup fixes and improvements.
• Various performance improvements, especially around data import.
• Numerous security fixes, including both forward-ports of 6.x holes and plugging a D7-only one where Drupal 7 was storing plain-text copies of passwords in user.data under certain conditions.

What is new in version 7.x-dev / 6.15 / 5.21:

• Changes to 6.15:
• Some set_time_limit() numbers were inadvertently removed in the previous patch.
• Better documentation and add code example for module_load_include()
• Improve general documentation about hooks
• Code documentation for block_box_get() and block_box_save()
• Fix code example in drupal_execute() phpdoc; password fields should have two string values
• Minor fix for documentation of return value in drupal_match_path()
• Do not allow PHP scripts to be cached unless they explicitly send cache headers themselves.
• Changes to 5.21:
• This release fixes security vulnerabilities.

What is new in version 7.x-dev / 6.14 / 5.20:

• Changes to 6.14:
• Only check the db prefix for simpletest if it was a string (not running a multisite)
• DISTINCT handling in db_distinct_field()'s MySQL implementations was resulting in bogus queries
• drupal_urlencode() and Drupal.encodeURIComponent was used to encode query strings and other components it should not have been used for
• Drupal lacked support for positive integer values in database queries, beyond PHP_INT_MAX; caused issues with twitter integration and big numbers in general
• Document type argument on action_save()
• Incorrectly documented parameter name on flood_is_allowed()
• Missing phpdoc @code tags on PHP code examples in form.inc and actions.inc
• Better documentation on how the cid and wildcard arguments interact on cache_clear_all()
• theme_admin_block_content() had wrong argument name documented
• node.tpl.php mistakenly mentions theme_user(); should reference theme_username() instead
• Only add Content-Length if we actually have any content or if it is a POST or PUT request.
• Fix named entity handling in filter_xss(), so it does not clash with other entities and result in wrong encoding
• MODULE_preprocess_maintenance_page() functions were never called, even if the database is online
• drupal_clear_css_cache() should not be called on all invocations to the themes admin page; should be called only on submit - consistent with the modules admin page
• Garland mistakenly used phptemplate_comment_wrapper() to override comment-wrapper.tpl.php; should use a preprocess function instead to complement the core comment-wrapper.tpl.php
• Changes to 5.20:
• Per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared.
• taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser.
• Deny D6-style access elements.
• Create temporary mysql tables in memory.
• Fix login destination again on 403/404 pages and make the search form work there if displayed
• As of December, 2007, Venezuela is GMT/UTC-0430, but that timezone was not in the list of our supported zones
• Fix issue with disappearing Garland tabs in Internet Explorer
• Patch: XML-RPC error handling was incomplete.

What is new in version 7.x-dev / 6.13 / 5.19:

• 6.13 Changes:
• Fixed documentation glitch.
• JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
• _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
• Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.
• cache_clear_all() mentioned cache_flush_delay incorrectly; it should say we use cache_lifetime
• drupal_set_title() in forum_overview() is not needed; menu already sets the title and is localized
• Password equality checking was not using strict type checking; we should assume these are strings and compared character to character
• Fixed grammar in forum module messages
• Fixed module support for disabled module update status checking and do not track usage in that case.
• The Anonymous name is a plain text setting, so it should be escaped properly for output.
• Actions set to run on cron were not actually triggered.
• We should always show the node access rebuild button. The check on when to show it was fragile, so the button might not have been there when actually needed.
• For proper HTTP query simpletesting, we should pass on the instance identifier (database prefix).
• Save a query by only calling file_space_used() when a limit is provided.
• The 'serialize' Schema API property was used but not documented.
• The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
• When changing columns, PostgreSQL needs explicit type casting to ensure that values are kept properly.
• In system_clear_cache_submit(), the function arguments were swapped (but it did not affect how it actually worked).
• Update status should not attempt to request update data until a limit is reached. Fixed Drupal instances when drupal.org is down and gets less load on Drupal.org if data is not found.
• Remove url() wrapping from remote links and link in a more user friendly OpenID provider list.
• Use filter_xss_admin() on site name and site slogan, just like footer message and mission
• Fix drupal_mail() documentation, so that it encourages to set the body of the email as an array (like core does).
• The tablesort code did not account for possibly nested tables; only match immediate descendants, so elements of nested tables are not matched.
• The safe string check on translations should only be applied to the default textgroup. Strings in other textgroups such as blocks and menu items are displayed via escaping and filtering, and might contain arbitrary HTML.
• 5.19 Changes:
• hr should be treated as a block level tag. Backport by alexanderpas.
• The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.

What is new in version 7.x-dev / 6.6 / 5.12:

• fixed bug in drupal_lookup_path('wipe').
• fixed wildcard loader names with numbers.
• fixed wildcard loader problem
• correction for user-profile.tpl.php documentation.
• fixed exceptions in XML-RPC library. Backported from CVS HEAD.
• All translations were removed from translation set when deleting a node and only two nodes are left.
• Avoid a 403 on autocomplete fields, when people do not have access to the path used for autocompletion; by disabling the autocomplete altogether in this case.
• Fix incorrect path to remove orphaned actions.
• hook_exit() was not invoked for some cached requests.
• exanded PHP doc of path_to_theme().
• fixed translation issue.
• drupal_init_language() should be called before drupal_maintenance_theme() in _db_error_page() to ensure that the language object exists on DB error pages.
• locale_block() generated incorrect paths for frontpage links
• file_transfer() should only call ob_end_clean() if there was an actual output buffer opened
• little usability tweak to link the site offline admin message to the maintenance settings page
• let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication
• fixed problem with PostgreSQL users not being able to delete blocks.
• untranslatable string in the installer
• Primary/secondary links did not get the 'active-trail' class properly on the list items
• missing /td tag.

What is new in version 6.4:

• SA-2008-047 - Drupal core - Multiple vulnerabilities
• #117748 by webchick, Pancho, Rob Loach, pwolanin: required field values were not properly trim()ed on validation
• #207991 by Rok Zlender: xmlrpc_date did not parse dates well. Backport by clemens.tolboom.
• Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short. Backport by scor.
• Patch #285467 by mustafau: fixed typo a MT blog API function.
• #272636 by evolvingweb, dvessel: add 'js' class to html tag in drupal.js instead of overwriting all its classes with 'js'. Backport by sun.
• #292538 by Damien Tournoud and hanoii. Fix $sidebar_indicator behavior.

What is new in version 6.4:

• SA-2008-047 - Drupal core - Multiple vulnerabilities
• #225880 follow up by webchick: improve error message when writable settings.php is not present
• Patch #275801 by Damien Tournoud and Gribnif: fixed performance issue due to typo.
• Patch #281943 by webchick, Arancaytar, dropcube et al: order install profiles alphabetically.
• Patch #285467 by mustafau: fixed typo a MT blog API function.
• Patch #238600 by scor: removed two unused links from context-sentive help.
• Patch #268491 by mustafu, pwolanin, et al: fixed notice after deleting aggregator feed.
• Patch #293434 by eMPee584 and Damien: fixed broken watchdog call.
• Patch #254725 by Steve Dondley and BioALIEN: maxlength field for 'allowed HTML tags' is too short
• Patch #290918 by pwolanin: don't unset project info during processing.
• Patch #165642 by Damien Tournoud: error in SQL syntax in user.module.
• Patch #246522 by mustafu, Dries: fixed typo in documentation.
• Patch #283806 by mustafau, Aron Noval: improved error handling in drupal_http_request().
• Patch #290869 by Wim Leers: AHAH functionality was not working for radio buttons.
• Patch #293421 by Bart Jansens: fixed documentation of sess_count().
• Patch #290869 by swenterl, cwgordon07: fixed notice in #ahah handling.
• Patch #293343 by Bart Jansens: removed obsolete table name from documentation. Candidate for Most Trivial Patch of the Month Award.
• Patch #293504 by Damien Tournoud: fixed search on PostgreSQL - argument of AND must be type boolean, not type integer.
• Patch #283806 by mustafau: fixed bug in drupal_http_request()

Requirements:

• Web server (Apache, IIS)
• Database: MySQL, MariaDB, PostgreSQL, SQLite (MS-SQL and Oracle supported unofficially)
• PHP 5.3 or higher
• PHP XML extension
• An image library for PHP (GD, ImageMagick)
• PHP safe_mode: off
• PHP Data Objects (PDO) active
• PHP register_globals: off