Security update

This release of 6.x-3.x fixes one security issue. Updating is strongly recommended for all Drupal 6 webform users.
See SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform is made available as a block, the node's title is used as the default block title. This title is not sufficiently sanitized, leading to a Cross Site Scripting (XSS) vulnerability.

See SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass

Changes since 7.x-1.1:

Summary of changes since 7.x-1.0-alpha3

Fixes minor security issue #2442875: Displays labels of entities user doesn't have access to. Does not fix known issue #2383903: Cannot save queues with entities user doesn't have access to.

Multiple bug fixes. New features include:

• #2349051: Make contextual links work for all kinds of view displays, not just blocks
• #2399701: Add views field and sort handlers for subqueue_id
• #2297551: Add a views filter for entityqueue relationships

See SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting (XSS)

Fixes SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting (XSS)

Fixes SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting (XSS)