Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Downloads
Download context-6.x-3.2.tar.gztar.gz
62.54 KB
MD5: 29787b2f07e881059b2bea6a6903680e
SHA-1: cd38850a776153144b418ca3ecd4a053fdc84251
SHA-256: 08b0c3b7da896ead4846900ccccca0c96d40acc2a7bc2d1d8b64bc24f724ffa5
Download context-6.x-3.2.zipzip
83.9 KB
MD5: d727124991755231ad7c0ca21af65b4f
SHA-1: d6031c13c93225e9c98dcbeccfdaa204fda5decf
SHA-256: a793220758481f1be7f2b82f07ce097928ae8d2a6e20b4ff6d9d00ca099bc6a4
Release notes
* Vulnerability one - remote code execution possibility through json_decode implementation in the block reaction. This update removes the implementation in the block reaction and you will need to ensure your version of PHP included a json_decode function before applying.
* Vulnerability two - insufficient access control for ajax rendering of a block. The token based system has been removed. A new permission has been added should the need arise to give users access to the ajax rendering of blocks without administering contexts and a hook has been added to allow for fine grained access control should it be desired. See the context.api.php file for hook details.
