See SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
Fix for "Access bypass on editing og menus" was not included in 7.x-2.3. This release fixes this.
Fix for "Access bypass on editing og menus" was not included in 6.x-2.5. This release fixes this.
This release fixes a security issue. See SA-CONTRIB-2014-126 - Blockqueue - Cross Site Scripting for details. A confirmation form has been added before block deletion from a blockqueue.
Fix for SA-CONTRIB-2014-127 - School Administration - Cross Site Scripting (XSS)
Security update to improve handling of external data that is sent to the notification page callback, that could be exploited for a XSS attack.
SA-CONTRIB-2014-122 - MoIP - Cross Site Scripting (XSS)
Adds filtering to several user editable fields to mitigate the introduction of code, rather than the plain text which this module only ever intended to handle.
SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)