These are all public in the queues, but creating this meta to help website administrators. I have not parsed all 200 or so open bug reports for others.
#2542432 quickly checks what appears to be some false hits, but a second pair of eyes on these would be good.
#2077127: Potential WASC-19 SQL Injection
#2542432: CrossRef data should be sanitized
#2855901: Use security tokens in admin links
Strange "safe" security issue, the code can't actually run on a Drupal 7 installation.
Comments
Comment #2
Alan D.
Comment #3
Alan D.
Comment #4
Liam Morland
I have just joined this project as maintainer. Fixing security issues is now my top priority. If you want to help, review and mark RTBC the security issues.
Comment #5
Liam Morland
The only identified security issue remaining is #2077127: Potential WASC-19 SQL Injection. Please review the comments there; I don't think there is actually a security issue there. I would appreciate a second set of eyes reviewing that.
Comment #6
Liam Morland
The final issue is fixed.
Comment #7
Alan D.
Nice work :)
Me think I'm going to have some fun merging dev back into all my mods....