Security update

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

No other fixes are included.

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

No other fixes are included.

This is an incremental release for ctools 6.x-1.x. ctools 6.x is only maintained for security releases, and contains the following issue:

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

If you haven't already we suggest updating to Drupal 7 to get the most out of new ctools features!

This release of ctools is primarily a bug fix, and contains two security issues:

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

Other Changes since 2015-01-29 (ctools 1.6):

See SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting (XSS)

This release of 7.x-4.x fixes one security issues and a number of bugs. Updating is strongly recommended for all users of the 7.x-4.x branch. See SA-CONTRIB-2015-078 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform component is used as the "To" address or addresses for sending an e-mail, the name of the component is not sufficiently sanitized when it is displayed in the list of e-mail settings, leading to a Cross Site Scripting (XSS) vulnerability.