Download context-6.x-3.2.tar.gz (tar.gz, 62.54 KB)
MD5: 29787b2f07e881059b2bea6a6903680e
SHA-1: cd38850a776153144b418ca3ecd4a053fdc84251
SHA-256: 08b0c3b7da896ead4846900ccccca0c96d40acc2a7bc2d1d8b64bc24f724ffa5
Download context-6.x-3.2.zip (zip, 83.9 KB)
MD5: d727124991755231ad7c0ca21af65b4f
SHA-1: d6031c13c93225e9c98dcbeccfdaa204fda5decf
SHA-256: a793220758481f1be7f2b82f07ce097928ae8d2a6e20b4ff6d9d00ca099bc6a4

Release info

Created by: tekante
Created on: 16 October 2013 at 02:55
Last updated: 16 November 2013 at 02:45
Core compatibility: 6.x
Release type: Security update

Release notes

* Vulnerability one - possible remote code execution through the json_decode implementation in the block reaction. This update removes that implementation from the block reaction, so you will need to ensure your version of PHP includes a json_decode function before applying it.
* Vulnerability two - insufficient access control for AJAX rendering of a block. The token-based system has been removed. A new permission has been added, should the need arise to give users access to the AJAX rendering of blocks without administering contexts, and a hook has been added to allow fine-grained access control should it be desired. See the context.api.php file for hook details.

Dependencies

The selected release is the release that will be used for automated testing. Optional projects are only used for testing.

Required

Optional

No optional projects