Security update

Fixes SA-Contrib-2018-15

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

No other fixes are included.

This is a release candidate for the next feature release of Drupal 8. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates. This release also includes security fixes, so any sites already using 8.5.0-alpha1, 8.5.0-beta1, or 8.5.x-dev should update immediately!

Security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcements:

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

No other fixes are included.

This release is a security release. See Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 for more information.

Changes since 7.x-1.8:

Fixes Custom Permissions - Moderately critical - Access bypass - SA-CONTRIB-2018-010

Changes since 7.x-2.1:

• Alert the admin of invalid dynamic paths when she tries to save a new custom permission.