Security update

This resolves issues described in SA-CORE-2019-003 for this module.

Not all configurations are vulnerable. See SA-CORE-2019-003 for details.

Additionally, a few bugs have been fixed as well as minor improvements for certain fields and compatibility with latest Drupal core.

Contributors (9)

Berdir, mbovan, basti.diaaz, Ginovski, yongt9412, chipway, WidgetsBurritos, Peacog, Erik.Johansson

This resolves issues described in SA-CORE-2019-003 for this module.

Not all configurations are vulnerable. See SA-CORE-2019-003 for details.

This release includes various bugfixes and minor feature improvements, and one security fix for anyone using anonymous registration. For more on the security issue, see the announcement. Note that if you use anonymous registrations and send out links for registrants to re-visit their registrations later, you may need to update the format for your links to use the new hash link or property.

Changes since 7.x-2.0-beta2:

This release includes various bugfixes and minor feature improvements, and one security fix for anyone using anonymous registration. For more on the security issue, see the announcement. Note that if you use anonymous registrations and send out links for registrants to re-visit their registrations later, you may need to update the format for your links to use the new hash link or property.

Changes since 7.x-1.6:

• Security Issue 168858 by poiu, bleen, greggles: Fixed possible XSS issue (89 seconds ago)
  
• #2981114: Preview Page: Add unique class to each image by jedihe: Preview Page: Added unique class to each image (8 months ago)

Bug fixes and improvements

OAuth 2.0 Client Login (Single Sign-On) - Moderately critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016.