permissions_by_term 8.x-1.11

Git tag 8.x-1.11
Security update
Bug fixes
Insecure

Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001

- Fixes critical security bug: Enabling the module gives access to all unpublished nodes as anonymous user - thanks to the Drupal security team for assisting in the fix and thanks to user cedric_a for reporting the issue.

permissions_by_term 8.x-1.09

Git tag 8.x-1.09
Insecure
Security update

Fixed critical issue with publishing "all" unpublished content after enabling PBT. Thanks to user cedric_a for reporting via security.drupal.org!

cshs 8.x-1.0-beta2

Git tag 8.x-1.0-beta2
Security update
Bug fixes
New features
  1. #2792375: Term references not translated
  2. #2833531: XSS vulnerability in "level_labels" configuration field

acquia_contenthub 8.x-1.0

Git tag 8.x-1.0
Security update
Bug fixes
New features
Insecure

Changes

  • Removed CORS support to improve security. (CHMS-1004)

Fixed issues

  • Discovery and import no longer fail for translations using the und or zxx language options. (CHMS-994)
  • Content Hub now uses per-entity type configuration entities. (CHMS-1030)
  • Cache tags for exported entities are now correctly expired. (CHMS-1061)

media 7.x-2.0-beta12

Git tag 7.x-2.0-beta12
Security update
Insecure

This release fixes a security issue.

If you use the media module version 7.x-2.0-beta8, 7.x-2.0-beta9, 7.x-2.0-beta10 or 7.x-2.0-beta11 for Drupal 7.x, upgrade to 7.x-2.0-beta12 immediately.

One line of code was updated, for more details: https://www.drupal.org/commitlog/commit/698/197a7ec277ddf115a0a85c2613b5...

js 7.x-2.1

Git tag 7.x-2.1
Security update
Bug fixes

High-performance JavaScript callback handler - Highly Critical - Multiple vulnerabilities - SA-CONTRIB-2016-063

Bug fixes:
#2828768: JS.snakeCaseObject() can break objects

Pages

Subscribe with RSS Subscribe to RSS - Security update