Drupal 7.40
15 October 2015
Drupal version 7.40 is now available.
Upgrading to Drupal 7.40
Drupal 7.40 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 7.40 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 7.40
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); major, non-backwards-compatible new features are only being added to the forthcoming Drupal 8.0 release.
Upgrading .htaccess to incorporate this change is strongly recommended:
- A change to set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type (see #462950).
Upgrading settings.php to incorporate the following changes is recommended but not required:
- A change to exclude private files from the "404_fast_paths" behavior. This is useful primarily for sites which call drupal_fast_404() directly from settings.php (see #2455057).
- A documentation change to make it easier for development sites to enable the 'theme_debug' feature via settings.php (see #2538640).
Major changes
- Added an optional 'project:' prefix that can be added to dependencies in a module's .info file to indicate which project the dependency resides in (API addition: https://www.drupal.org/node/2299747).
- Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection (API change: https://www.drupal.org/node/2463973).
- Changed the default thousand marker for numeric fields from a space ("1 000") to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Made Drupal's code for parsing .info files run much faster and use much less memory.
- Prevented drupal_http_request() from returning an error when it receives a 201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP 5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into mailto: links.
- Added alternate text to file icons displayed by the File module, to improve accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or warnings as appropriate, rather than as regular status messages (minor UI change and data structure change).
- Changed the default settings.php configuration to exclude private files from the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for example filter/tips/full_html, to return "page not found" or "access denied" if the format does not exist or the user does not have access to it. This change adds a new menu item to the Filter module's hook_menu() entry (minor data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished" callback specified during batch processing can now be any PHP callable instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case where the PHP maximum execution time is already unlimited.
- Prevented malformed theme .info files (without a "name" key) from causing exceptions during menu rebuilds. If an .info file without a "name" key is found in a module or theme directory, Drupal will now use the module or theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to a node while it is being viewed to be omitted from the page.
- Fixed various bugs that occurred after hooks were invoked early in the Drupal bootstrap and that caused module_implements() and drupal_alter() to cache an incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type.
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file.