Download forward-7.x-1.3.tar.gztar.gz 26.88 KB
MD5: 136b16da0beac72119815a762809f48f
SHA-1: b5300143f9b8eabbb7215046d40ef29937ca64e9
SHA-256: 6b442fb200117fd31cd824713f1f522c2bc2ab8b18dbcda20bc37627dc5c3ecd
Download forward-7.x-1.3.zipzip 29.61 KB
MD5: e80890fe38656d669e478a83298e7351
SHA-1: f58245d0700aead5a3772a17fdc3d87b1e3328cb
SHA-256: fa08bc4878910109c5c3dec170bf502af52241fbdc05aa5aa12d01dd533cbf00

Release info

Created by: john.oltman
Created on: February 1, 2012 - 02:29
Last updated: March 12, 2012 - 14:08
Core compatibility: 7.x
Release type: Security update

Release notes

Add access control and flood control to prevent access bypass and CSRF vulnerabilities, plus additional minor fixes.

#251696: "Popular content" includes nodes user does not have access to
#1355598: Subject & body not changed

The upgrade is "code only" and does not require running the database update script.

IMPORTANT: Administrators of sites that rely on the Dynamic Block access bypass to operate correctly need to visit the Forward configuration page and explicitly select the Dynamic Block Access Control bypass option after upgrading. This should be rare, so most site administrators can simply upgrade the module without the need for additional configuration.