Release info

Created by: john.oltman
Created on: February 1, 2012 - 02:29
Last updated: March 12, 2012 - 14:08
Core compatibility: 7.x
Release type: Security update

Release notes

Add access control and flood control to prevent access bypass and CSRF vulnerabilities, plus additional minor fixes.

#251696: "Popular content" includes nodes user does not have access to
#1355598: Subject & body not changed

The upgrade is "code only" and does not require running the database update script.

IMPORTANT: Administrators of sites that rely on the Dynamic Block access bypass to operate correctly need to visit the Forward configuration page and explicitly select the Dynamic Block Access Control bypass option after upgrading. This should be rare, so most site administrators can simply upgrade the module without the need for additional configuration.