Downloads
Release notes
Add access control and flood control to prevent access bypass and CSRF vulnerabilities, plus additional minor fixes.
#251696: "Popular content" includes nodes user does not have access to
#1355598: Subject & body not changed
The upgrade is "code only" and does not require running the database update script.
IMPORTANT: Administrators of sites that rely on the Dynamic Block access bypass to operate correctly need to visit the Forward configuration page and explicitly select the Dynamic Block Access Control bypass option after upgrading. This should be rare, so most site administrators can simply upgrade the module without the need for additional configuration.