Changes since 7.x-2.2:
Changes since 8.x-1.0-alpha1:
Fixes Views Megarow - Critical - Access Bypass - SA-CONTRIB-2016-029
This release fixes an XSS vulnerability in the Entity Translation UI page titles. Since Entity Translation has no stable release yet, it is not officially supported by the security team. The issue was managed in the s.d.o private queue but no Security Advisory is going to be created.
Please see the Updating Open Atrium guide!
IMPORTANT : Make a BACKUP of your database before applying any updates.
NOTE: : When running updates, it is normal to see "oa_core_update_7236" run many times depending on the amount of content on your site. Do not abort the update process, allow it to complete.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.