Security update

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

No other fixes are included.

This is a release candidate for the next feature release of Drupal 8. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates. This release also includes security fixes, so any sites already using 8.5.0-alpha1, 8.5.0-beta1, or 8.5.x-dev should update immediately!

Security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcements:

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

No other fixes are included.

This release is a security release. See Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 for more information.

Changes since 7.x-1.8:

Fixes Custom Permissions - Moderately critical - Access bypass - SA-CONTRIB-2018-010

Changes since 7.x-2.1:

• Alert the admin of invalid dynamic paths when she tries to save a new custom permission.

This release of FileField Sources fixes several long-standing bugs that have been fixed by the community as well as a security fix that now properly hides the file names when using the autocomplete source. The security fix only applies to users that both used the autocomplete source and used private files on the same field. See the security announcement at https://www.drupal.org/sa-contrib-2018-007 for more information.

Changes since 7.x-1.10