This release addresses a security issue where block titles and menu titles were not escaped properly for XSS. Both vulnerabilities require the
administer menu and
administer blocks permissions to be exploited.
- Updated Hungarian translation.
- Fix for breadcrumb build if root menu is adjacent to link.
- Disable PURL rewriting on admin block menu items.
- #797492 by bibo, andermt: Fix for conflict with other JS in Safari, Chrome, IE.
- Fix for IE clone bug.
- #773204 by mfer: Expand scope of admin menu title CSS
- #850104: Ensure module is included for update 6202.
- #781410: Fix for installation of admin when menu module is off or 'admin' custom menu exists.
- Fix for extra border on My account block.
- Ensure no active classes when settings active class on initial drilldown state.
- #709872 by realityloop: Autohide on new pages option for Admin toolbar. #825422: Fixed height for horizontal menu and body push.
- #825532 by c4rl: Ensure delimiter is found before splitting.
- Improved IE7 support.
- #662662: Allow menus to be structured without a single root node.
- More IE fixes.
- #835796: Add wipe and rebuild tab.
- #746432: Push admin blocks through core theming stack to ensure preprocessors are run.
Last updated: December 24, 2010 - 22:25
Official release from tag: