Closed (fixed)
Project: Data
Version: 6.x-1.x-dev
Component: Code
Priority: Normal
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 29 Nov 2011 at 01:25 UTC
Updated: 24 Jan 2012 at 17:50 UTC
It would be nice to have a stable release to provide site builders more certainty that the module will get an SA for any security issues. Please feel free to update this issue summary to include links to issues to fix prior to that release.
As of this post, there are 3 critical bugs in the queue.
#1056470: Data contains multiple SQL injection and XSS vulnerabilities seems like one critical issue to fix. It's even got a start on a patch.
Comments
Comment #1
joachim commented
I've committed the patches for two of those criticals; as for #850280: DataHandler execute() fails on PostgreSQL - multiple table DELETE not supported, there's no patch (and people should be using decent database systems anyway ;)
I'm making a 1.0 release; let's see what bug reports come in :)
(I've been told not to tag it as a security release BTW.)
Comment #2
greggles
By who?
Comment #3
greggles
Re #2 - resolved and fixed. It was misinformation from #drupal-contribute
The "Security update" tag can be used on a release node even if there is no Security Advisory accompanying it.