relation 7.x-1.1

Git tag 7.x-1.1
Security update

Fixes: Relation - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-063

If it is intended that relation endpoints (from relation dummy field widget display) should be shown to certain role, view relations permission should be given to those roles.

baidu_analytics 7.x-1.1

Git tag 7.x-1.1
Security update
Insecure

Fixes: baidu_analytics - Unsupported - SA-CONTRIB-2017-060

ajax_facets 7.x-3.7

Git tag 7.x-3.7
Security update
Bug fixes

The security problem with access to results of any view display was corrected in this release.
The vulnerability allowed to modify request and receive results of any view display if it was accessible for the current user.

Fixes ajax_facets - Unsupported - SA-CONTRIB-2017-061

services_views 7.x-1.2

Git tag 7.x-1.2
Security update

SA-CONTRIB-2017-062: Arbitrary Views exposed over API

This release provides a mechanism that allows you to secure view displays that are arbitrarily available via the Views resource. You will now be able to whitelist/blacklist specific view displays from being displayed.

alinks 8.x-1.1

Git tag 8.x-1.1
Security update

Changes since 8.x-1.0:

  • Change permission requirement for deleting an Alink

drd_server 6.x-2.10

Git tag 6.x-2.10
Security update

Fixes Drupal Remote Dashboard - Critical - Weak encryption keys - SA-CONTRIB-2017-046

Improve key length handling
Always generate random keys
Store and transport keys in base64 encoded format

Pages

Subscribe with RSS Subscribe to RSS - Security update