todo_filter 7.x-1.1

Git tag 7.x-1.1
Security update

See SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF)

Also includes earlier fix:
#803224: Checking an item off the list doesn't make it permanent

wikiwiki 6.x-1.2

Git tag 6.x-1.2
Security update

See SA-CONTRIB-2015-005 - WikiWiki - SQL injection.

linkit 7.x-3.3

Git tag 7.x-3.3
Security update
  • by Marty2081, anon: Fixed output of entity title.
  • #2363681 by MiroslavBanov: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'weight' in 'order clause'
  • #2158107 by stefan.r, dsnopek, gmclelland, anon, MiroslavBanov, fabsor: files: link inserted does not point to download but to entity page ("/file/FID" instead of "/system/files/FILEPATH")
  • #2133725 by skylord: No search results appearing

linkit 7.x-2.7

Git tag 7.x-2.7
Security update
  • by Marty2081, anon: Fixed output of entity title.
  • #1969500 - Links disappearing on node edit (ACF problem).

SA-CONTRIB-2014-009 - Linkit - Cross Site Scripting (XSS).

batch_jobs 7.x-1.2

Git tag 7.x-1.2
Security update

Updates callbacks for debugging or removing a batch job to better protect them.

htaccess 7.x-2.3

Git tag 7.x-2.3
Security update

This is a security release. SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF).

Some administration links were not properly protected. A malicious user could trick an administrator into deploying and deleting .htaccess files by getting them to request certain URLs, thereby leading to a Cross Site Request Forgery (CSRF) vulnerability.

No database change.

Pages

Subscribe with RSS Subscribe to RSS - Security update