Drupal 7.26
15 January 2014
Drupal version 7.26 is now available (security release).
Upgrading to Drupal 7.26
Drupal 7.26 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 7.26 upgrade prior to applying it live.
What's New in Drupal 7.26
Critical security release of the Drupal 7 series. A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.
Major changes:
- The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
- A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them like it normally does for programmatic form submissions. Any code which passes untrusted data (provided by the current user) to drupal_form_submit() is recommended to use this parameter for security reasons.
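The usage recommended in the last item, as an added example that is not code from Drupal or Installatron. The module name `mymodule`, the form `mymodule_note_form`, its fields and the helper function are hypothetical; the code is meant to run inside a bootstrapped Drupal site on 7.26 or later.

```php
<?php
// Added example: "mymodule", its form and its field names are hypothetical.

/**
 * Form builder. The "promoted" checkbox is restricted to administrators.
 */
function mymodule_note_form($form, &$form_state) {
  $form['title'] = array(
    '#type' => 'textfield',
    '#title' => t('Title'),
    '#required' => TRUE,
  );
  $form['promoted'] = array(
    '#type' => 'checkbox',
    '#title' => t('Promoted'),
    '#default_value' => 0,
    // Hidden from, and not settable by, users without this permission.
    '#access' => user_access('administer site configuration'),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}

/**
 * Submits the form with data supplied by the current user.
 *
 * @param array $untrusted
 *   Request data from the current user (for example a decoded JSON body).
 *
 * @return bool
 *   TRUE if the form validated and was submitted, FALSE otherwise.
 */
function mymodule_submit_note_for_current_user(array $untrusted) {
  $form_state = array();
  $form_state['values'] = array(
    'title' => isset($untrusted['title']) ? (string) $untrusted['title'] : '',
    'promoted' => !empty($untrusted['promoted']) ? 1 : 0,
    'op' => t('Save'),
  );
  // By default a programmatic submission bypasses form access checks, so a
  // "promoted" value from any user would be accepted. FALSE makes
  // drupal_form_submit() apply the normal checks against the current user.
  $form_state['programmed_bypass_access_check'] = FALSE;

  drupal_form_submit('mymodule_note_form', $form_state);
  return !form_get_errors();
}
```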