Security update

See Workbench Scheduler - Moderately Critical - Access Bypass - SA-CONTRIB-2016-049

Changes since 7.x-1.8:

• Bug Fix: by cboyden, partdigital: VBO allows scheduling content types for which schedules are not enabled

This release addresses bugs/security issues and adds a few requested features.

New Features include:

• An option to allow schedules on published revisions to remain active.
• A new “Scheduled Content” tab on the workbench page.
• Reworked permissions which removes “Set workbench schedule” permission and adds a few new permissions. This is a pretty big change so for more information please see issue: #2718725

Warning: There is no upgrade path

Security problems:

• We are using Guzzle library as dependency. As followup to SA-CORE-2016-003 we recommend to update Guzzle to version 5.3.1. Update can be done using Composer Manager module.

This resolves a problem with the 7.x-3.2 update and the following SA:

• Panelizer - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-048

It is required to update Panels at the same time, due to the new storage API, failure to do so may result in a broken site.

This release also implements changes required for Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047

Full changelog since 7.x-3.2:

This release of panels 3.6 brings in mostly bugfixes, and a few minor feature enhancements. It also includes two fixes that resolve the following SA:

* Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047

All sites are strongly recommended to update to 7.x-3.7 instead of this release.

See the full release notes at: http://docs.aegirproject.org/en/3.x/release-notes/3.7/