Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This release includes a fix for a cross-site scripting (XSS) vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom title interface has been removed, as Drupal 5.x and later allow overriding the a block's title from its configuration screen.
This release includes a fix for a cross-site scripting (XSS) vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom title interface has been removed, as Drupal 5.x and later allow overriding the a block's title from its configuration screen.