Voting starts in March for the Drupal Association Board election.
This is a security release, containing an important security fix. Users of the project are strongly encouraged to update to this version as soon as possible.
If you are using an older version, incorrectly escaped error messages might lead to your site being vulnerable to an XSS attack. Note, however, that this can only happen if you have some advanced search mechanism, like a view with exposed sorts or use the old (deprecated) Facets module.
As announced in the RC1 release notes, this release also removes the old Facets module, in the future only the Facet API integration is supported.
Complete list of changes:
- Fixed escaping of error messages.
- #1330506 by drunken monkey: Removed the old Facets module.
- #1504318 by peximo: Fixed Views pager offset.
- #1141488 by moonray, drunken monkey: Added option to use multiple values with contextual filters.
- #1535726 by bojanz, joelpittet: Fixed arguments for
$service->configurationFormValidate()for empty forms.
- #1400882 by mh86: Fixed "Index hierarchy" for "All parents".