The 4.6.10 and 4.7.4 releases saw the addition of a new default form field to protect against cross site request forgeries. This has consequences for 1. 4.6 modules and themes that output raw HTML forms Those forms will always fail for authenticated users. 2. 4.7 modules and themes that rely on a defined set of form fields to be present Certain modules and themes output only specific form fields. As they do not output the form_token, the form will always fail validation for authenticated users. In addition, certain modules unset a few form fields, then save the remainder of the form. These modules need to account for the new field. Tip: devise something robust. See for details: Converting 4.6.9 modules to 4.6.10 <http://drupal.org/node/90004> Converting 4.7.3 modules to 4.7.4 <http://drupal.org/node/89999> Converting 4.6.x themes to 4.6.10 <http://drupal.org/node/90021> Converting 4.7.x themes to 4.7.4 <http://drupal.org/node/90024> Kind regards, Heine Deelstra