Late last week the Drupal community released, in quick succession, Drupal 5.13 and Drupal 5.14. The first release was a critical security release aimed at preventing cross-site scripting (see the advisory for more information), and the second release was to fix a regression (a bug, not a security issue) introduced by that security fix. We're taking the opportunity to update a few modules as well: CCK is updated to 1.10, Google Analytics is updated to 1.7, Image Assist is updated to 1.7, and the Mollom spam-fighting module is updated to 1.6. We've also contributed the update we made to the Watchdog hook backport patch to the community.

The tag for today's release is 2008-12-16s. We recommend that you backup your databases before upgrading, then proceed to using our instructions on how to upgrade the VPS installations of Drupal to the latest tag.

Drupal has released version 5.12, which since 5.11 only contains a security fix. Since 5.11 and 5.12 we also fixed a bug where install profiles would "fail" with a white screen of death, which is incorporated into today's tagged release, 2008-10-22s.

There are no database changes between 5.11 and 5.12, but we still recommend that you make backups of your database(s) and follow our instructions on how to upgrade the VPS installations of Drupal to the latest tag.

Late last week the Drupal project released a security update and bug fixes to the open source content management system that powers our hosted service and that comes with our VPS package, increasing the version number to 5.11. Today we are releasing a new tag that incorporates this update, which also includes some contributed module bug and security fixes and some new themes. The new tag is 2008-10-15s. You will need to run update.php to clear the menu cache and other caches on your website.

As mentioned, we're taking the opportunity to update some of the modules that come with our supported package. CCK includes a security release of its own, and we've also updated Mollom and the Link module to their latest official releases. In addition, we're adding support for our French install profile, as well as three themes developed by Raincity Studios' very own Hubert Florin. The list of themes and more detailed module release notes with links to the Drupal.org changelogs appear in the release notes for 2008-10-16s.

As usual, we'd like to remind you of our instructions on how to upgrade the VPS installations of Drupal to the latest tag, and to take this opportunity to make backups of your database(s) before upgrading.

Last night we upgraded all hosted service sites to Drupal 5.10. See our previous post, about creating a new tagged release for VPS customers, for the changes this brings, which includes a security update and some small bug fixes. There's no need to run update.php as all databases have been upgraded.

Last night the open source Drupal project released a patch for a critical security issue and included some bug fixes. You can see the release notes for full details. Tonight we've created a tag for VPS Drupal 5 customers, which is 2008-08-14s (don't forget the 's' , which indicates this a security update). Also included are minor fixes to Drupal core, plus a bug fix for the backported Database Logging module, with an updated patch.

An Important Note About Upgrading

Follow our instructions on how to upgrade to the latest tagged release. This includes a database update, specifically for the Blog API module. It will only get included if you have the Blog API enabled.

That said, regardless of whether you have Blog API enabled, we recommend you run update.php for the security update to be fully applied. Make sure to backup your database before you run the update.php script, which is always a good idea before updating Drupal anyway. If you're asked to update the System module, use update "2007", which refers to the update for the Watchdog hook patch we include with our releases.

We are working to get the hosted upgraded to 5.10 and will update here when that's done.

Just a quick note to let you know that Drupal 5.9 has been running on all Bryght Light sites since the wee hours of Friday August 8, 2008. Drupal 5.10 just came out today and we are working on that upgrade as well.

This morning we pushed a tag to incorporate the latest version of Drupal, now at its 5.9 release. Upgrading to this version is strongly recommended. The new tag is 2008-07-28s. This tagged release includes the following:

• a security update for Drupal. Notes about the release can be found on Drupal.org. The security advisory is titled "SA-2008-044 - Drupal core - Multiple vulnerabilities".
• we've also added a whole bunch of themes:
• AD Blueprint
• Amadou
• Garamond
• Green House
• Interactive Media
• itheme
• Marinelli
• some bug fixes to the Chinese profile

Updating Your VPS

Take a look at our documentation on how to update to the latest tagged release. There are no database updates between 5.8 and 5.9. As usual, we recommend backing up your database(s) anyway. This is also a good time to check Administer » Logs » Status report to see what else needs updating or fixing. The error that you might see for Google Analytics in the status log still persists; the fix is still to configure the module in Administer » Settings » Google Analytics or by disabling the module This release, as always, includes the Watchdog backport patch, which we keep updated on the Drupal.org issue page.

After a longer interim than usual, we are releasing a new tag for Bryght VPS customers. The new tag is 2008-07-11s (the 's' is there since this includes a security update). This release includes the following:

• a security update for Drupal, pushing the version number up to 5.8. You can read more about at the advisory advisory. The release of Drupal also fixes numerous small bugs, which you can read about at at the Drupal.org release notes for 5.8.
• updates to several contributed modules, bringing them up to date with each of their official releases. A special note about Pathauto: you may need to enable the Token module for this release. Since Pathauto depends on Token, you may need to first disable Pathauto, then enable both Pathauto & Token at the same time.
• we're including the Mollom spam-fighting module along with the Akismet module. We plan on ending support for Akismet, which means removing it from the hosted service when the time comes. We will send a notification out to all sites that have Akismet enabled well before we do this. We like the approach Mollom takes towards protecting against spam—as well as other malicious content—and it protects more Drupal forms from spam attacks (such as the contact form) than just content or comments. The module requires signing up for keys which you can get by signing up for an account at the Mollom web service.
• we're also including the Basic theme, built by us at Raincity Studios, as an alternative to the Zen theme. This is a very lightweight theme intended for designers and developers who want something simple to work from to create their own Drupal themes. We have more contributed themes that we are planning for a later release.

Updating Your VPS

Take a look at our documentation on how to update to the latest tagged release. Since some modules (like Pathauto) includes some database changes, you will most likely need to run update.php for your site. We recommend backing up your database(s) before-hand. Now is a good time to backup your databases anyway. After running the update, this is a good time to check Administer » Logs » Status report to see what else needs updating or fixing. The error that you might see for Google Analytics in the status log still persists; the fix is still to configure the module in Administer » Settings » Google Analytics or by disabling the module

Hosted Service

We have not yet released this tag on the hosted service. We will post a new story once Drupal 5.8 is made available to those customers. This release, as always, includes the Watchdog backport patch, which we keep updated on the Drupal.org issue page.

Last night we upgraded all 200+ sites on the hosted service from Drupal 5.6 to 5.7. The notes for the upgrade are the same as for when we released the new tag for VPS customers.

The last four releases of the Bryght Basic install profile for the open source Drupal content management system have been security releases. Not this time, for today's release—the new tag is 2008-01-29 (there's no 's' this time)—only contains bug fixes. Drupal 5.7 adds no features, but fixes a problem with the HTML filter that would not allow administrators to add or remove tags. There are 3 other issues fixed, which you can read about at the Drupal.org release notes page. We've updated our documentation on how to update to the latest tagged release. Even though there are no database updates for this release since Drupal 5.6, for VPS customers now's a good time to backup your database(s) just in case.

We will post a new story once Drupal 5.7 is made available to hosted service customers.

As usual, we included the Watchdog backport patch, and submitted a Drupal 5.7 compatible patch for those who want to do it on their own.

The error for Google Analytics in the status log still persists; the fix is still to configure the module in Administer » Settings » Google Analytics or by disabling the module.