Addresses an XSS vulnerability. For more information see SA-CONTRIB-2012-042 - Wishlist Cross Site Scripting (XSS).
Security update: Fixes SA-CONTRIB-2012-040 - (F)CKeditor XSS, arbitrary code execution.
New features:
This release addresses the following issues compared to the latest stable release in this branch (6.x-2.2).
#1398900: Trying to get property of non-object when editing user with no FCKeditor access
Contains a fix for SA-CONTRIB-2012-040 - (F)CKeditor XSS, arbitrary code execution.
This release fixes an access bypass vulnerability due to insufficient use of node_access(). See SA-CONTRIB-2012-037 - Slidebox - access bypass for details.