prevents some risks that can occur if you install some third party modules,
or have very malicious users with high privileges.
- deletion of translated terms under cross site requests.
- session fixation attacks after installing 3rd party modules like workgroup
NG.
(other vulnerabilities are Drupal6 only).
- allow autogen passwords for new users
- put the names of roles more often on the rights page.
- extra hook for jquery_update, to avoid having to overwrite jquery
PEOPLE WHO TESTED drupal BEFORE:
You *must* disable extra modules and themes from a working drupal install
before the update, and reenable them afterwards.
If you forgot to,
- ln all the stuff in sites/all/modules and sites/all/themes to modules and themes
- check your site runs again, disable extra stuff
- remove the links and re-enable stuff.
okay naddy@
