juicebox 7.x-1.1

Security update
New features
Bug fixes

In addition to a wide range of enhancements, this release also adds a fix for a minor access bypass security issue (#2055139). This fixes a problem where some Juicebox gallery metadata might be accessible through an XML request even if the entity that the gallery is attached to is view-restricted. This issue does not qualify for a Drupal security advisory, but several additional notes are available via the details posted in #2055139.

The security fix above may also warrant a configuration change for users who are attaching Juicebox galleries to things other than Drupal nodes, users or views. If this includes you, please see these change notes (this is less common and most users can just upgrade seamlessly).

This release also marks the first officially packaged stable release of Juicebox. Note that version 7.x-1.0 was never formally packaged/released as it is identical to the most recent 7.x-1.0-rc2 release.

Notable enhancements within this release include the addition of search engine index support, improved views support and more robust handling of markup within titles and captions for field-based galleries.

Bug/security fixes include:

flippy 7.x-1.2

Security update
Bug fixes

SA-CONTRIB-2013-061 - flippy - Access Bypass
Replacing db_select with Entity field query to allow order by other node elements.
Adding tag 'node_access' to Entity field query, so that we only display the links to the nodes that the user has permission to view.
Solve the 'block delta too long' issue.

restws 7.x-2.0

Security update
Insecure

This release fixes a critical SQL injection vulnerability. It is mitigated by the fact that an attacker must have the permission to access a resource (example: Access the resource node) in order to exploit this.

Since development of this module has slowed down significantly over the last months, this release also marks the first stable release, in order to get proper security advisories for any future security issues.

scald 7.x-1.1

Security update
New features
Bug fixes
Insecure

See also SA-CONTRIB-2013-060

This release includes a lot of bug fixes, one new experimental feature and a fix for a security issue.

Major changes since 7.x-1.0

  • Fix a security issue in MEE and Scald Flash
  • Bulk upload option added, Scald Image can now integrate with plupload to create multiple atoms on the fly
  • Improved integration with Entity API
  • Improved browser compatibility
  • Lots of small bugs fixed

All changes since 7.x-1.0:
