See SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)
Changes since 7.x-1.5:
Changes Since 7.x-1.1
See SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS).
Security update, not other changes. See SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
This includes a fix for a moderately critical security vulnerability. You can learn more in the security advisory:
SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting (XSS).
Changes since 7.x-1.16:
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.