Download Size md5 hash
context-6.x-3.2.tar.gz 62.54 KB 29787b2f07e881059b2bea6a6903680e 83.9 KB d727124991755231ad7c0ca21af65b4f
Last updated: October 16, 2013 - 02:56

Release notes

* Vulnerability one - remote code execution possibility through json_decode implementation in the block reaction. This update removes the implementation in the block reaction and you will need to ensure your version of PHP included a json_decode function before applying.
* Vulnerability two - insufficient access control for ajax rendering of a block. The token based system has been removed. A new permission has been added should the need arise to give users access to the ajax rendering of blocks without administering contexts and a hook has been added to allow for fine grained access control should it be desired. See the context.api.php file for hook details.

View change notices for this release
Official release from tag: