Uwe Hermann | A slightly paranoid Debian developer

I have upgraded my website/blog/podcast/photoblog/linkblog/whatever to Drupal 5.0-rc1 today (I'll skip 5.0-rc2 for now and wait for the final release of 5.0 for the next upgrade).

The upgrade went quite nice, even though I had to upgrade several modules and port quite a bunch of custom hacks I had on my old (Drupal 4.6) site. I first upgraded to 4.7, then to 5.0 (as is the recommended procedure) on a test-site, and after figuring out how to fix or work-around all the issues that appeared, I upgraded the live site.

I password-protected the site during the upgrade, that's why it wasn't available for a while today (and caused some problems on Planet Debian it seems, sorry for that!).

New features you might enjoy:

• Every blog post, podcast entry, and photo/image has an AJAX-enabled voting/rating box now, thanks to the nice jRating module. Feel free to rate any content over here, I'm eager to know what you think.
• The Service links module provides those tiny images in each post, which allow you to submit the post to del.icio.us, Digg, etc. etc. with a single click.
• I now use the great new standard Drupal-Theme Garland with a custom color map. I really like it.
• Tons of small changes here and there, removing custom hacks which are now obsoleted with the new Drupal release, shuffling some menus around etc. etc.

If you notice any bugs or problems with the site, please let me know.

Wheee! Drupal 4.7.0, the new stable release of the CMS, has been released. After more than one year of development, we are now finally able to enjoy all the goodies which this new release brings.

For German speaking people we can now proudly claim to have a completed translation of the user interface, thanks to all the contributors! If you don't speak German, you can choose from one of the other 40+ translations for your site.

Read the release announcement for more information, I'm off upgrading a couple of sites now ;)

Recently, I've had the pleasure to try out something new - reviewing a book before it is published.

I have been acting as technical editor/reviewer (or whatever that's called in English) for the first German book about Drupal, written by Hagen Graf: "Drupal: Community-Websites entwickeln und verwalten mit dem Open Source-CMS". The book covers the Drupal 4.7-beta series and is a good introduction to Drupal and it's concepts. It's a nice book for people who want to learn more about creating websites with Drupal. More details in this post over at drupal.org.

Reviewing books is a lot of fun - I might do that more often in future ;)

New versions of Drupal are out for the 4.5.x, the 4.6.x and the 4.7.0-beta branches which fix 4 (in words: four) security issues from four different categories, namely: access control bypassing, cross-site scripting, session fixation, and mail header injection.

All the gory details are available in the release announcement and the four advisories: DRUPAL-SA-2006-001, DRUPAL-SA-2006-002, DRUPAL-SA-2006-003, and DRUPAL-SA-2006-004.

Upgrade now!

Warning: If you're using 4.5.x, the patches for DRUPAL-SA-2006-003 will not fix the security issue immediately. You have two options: a) upgrade to 4.6.6 instead of 4.5.8, or b) upgrade to PHP >= 4.3.2.

Just a quick note: Drupal 4.7.0 beta 3 is available now, fixing more than 100 bugs since the last beta. If you have any further issues or suggestions for 4.7 — now is the time to speak up, file bug reports, post patches etc.

I haven't had too much time for Drupal development recently, but I guess I should really start updating the poormanscron module now (finally!) and help with getting the German translation up-to-date...