Security update

SA-CONTRIB-2014-007 - Services - Multiple vulnerabilities

Version 7.x-1.1 addresses a security issue that exposed potentially private data from mapped content to a savvy end-user. See SA-CONTRIB-2014-005 - Leaflet - Access bypass for more details. Additionally, a number of bugfixes following the 1.0 release and a few simple feature improvements have been included. It is recommended that anyone using 7.x-1.0 upgrade immediately to this version.

• Security Updates(SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing)
  1. Fix of HMAC value comparison that allowed circumventing the non-tampering validation.
  2. Fix the hardcoding of the HMAC key so that it's no longer required to extend the class so that each site has an unique key.
• New features: Added the possibility of storing a list of unbalanced binary trees in the cookie.

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

No other fixes are included.

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

Only minor documentation fixes are included on top of the security fix.

SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
- Security fix; prevent cross site scripting attacks which appear in release 7.x-1.2 and 7.x-1.3
- Issue #2074087: fix form validation error on name column
- Issue #2014249: Fix php notice: undefined property.