See Workbench Scheduler - Moderately Critical - Access Bypass - SA-CONTRIB-2016-049
Changes since 7.x-1.8:
This release addresses bugs/security issues and adds a few requested features.
New Features include:
Warning: There is no upgrade path
This resolves a problem with the 7.x-3.2 update and the following SA:
It is required to update Panels at the same time, due to the new storage API, failure to do so may result in a broken site.
This release also implements changes required for Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047
Full changelog since 7.x-3.2:
This release of panels 3.6 brings in mostly bugfixes, and a few minor feature enhancements. It also includes two fixes that resolve the following SA:
* Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047
All sites are strongly recommended to update to 7.x-3.7 instead of this release.
See the full release notes at: http://docs.aegirproject.org/en/3.x/release-notes/3.7/
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.