Security update

This release contains a security fix (see the advisory). An upgrade is recommended to all users of webform 7.x-3.x

Besides the backport of the security fix this release also includes a backport of the webform4 webform_get_submissions(). This allows other modules (ie. webform_submission_uuid) to extend the webform submission data more easily.

Fixes Elysia Cron - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-052

This is a major release of panels that includes many panels IPE enhancements, some security features, wizards API, and better integration with workflow/workbench moderation.

Note: While this beta releases are not covered by the Drupal Security team, this release fixes the following access bypass issue:

• #2767009 by samuel.mortenson: "Create content" is displayed unconditionally

Other Changes since 3.0-beta4:

Changes since 7.x-1.0-beta5:

• Issue #160987 by bellesmanieres, sergiuteaca: Modules redirects to any URL passed as parameter

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcements:

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

No other fixes are included.

Known issues

In certain configurations and environments, batched exports may not be downloadable. A patch that should address the issue is available in #2800895-8: Access denied when performing batched export as admin.

Changes since 7.x-3.0-beta9: