Security update

SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass

Changes since 7.x-2.6:

This resolves a critical security vulnerability, SA-CONTRIB-2014-048, all users are strongly urged to update immediately. It also resolves a few bugs and makes some improvements.

This is the first stable release of the Field API Tab Editor (FATE) module. It rounds out all of the initial functionality, and resolves a security vulnerability first identified in the original Field API Pane Editor (FAPE) module, upon which FATE is based (the vulnerability is less severe in FATE than FAPE due to additional security checks).

This release only contains only a single change, a fix for a XSS security vulnerability. More information is available at: SA-CONTRIB-2014-047 - Zen - Cross Site Scripting

This release only contains only a single change, a fix for a XSS security vulnerability. More information is available at: SA-CONTRIB-2014-047 - Zen - Cross Site Scripting

SA-CONTRIB-2014-046 - Context Form Alteration - Cross Site Scripting (XSS)

This module enables admins to alter forms via Context reactions.
The module doesn't sufficiently sanitize user input entered within the Context configuration UI.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer contexts".