Security update

Fixed an access hole. And added new features.

See more details at SA-CONTRIB-2012-111 - Security Questions - Access Bypass

• Resolved an open redirect issue DRUPAL-SA-CONTRIB-2012-098
• Removed the theme template and replaced with raw output
• Resolved access callbacks in hook_menu to appropriate access functions
• Corrected xdcomm.js paths
• Per-user, encrypt the refresh_token stored in the session data

• Resolved an open redirect issue DRUPAL-SA-CONTRIB-2012-098
• Removed the theme template and replaced with raw output
• Resolved access callbacks in hook_menu to appropriate access functions
• Corrected xdcomm.js paths
• Per-user, encrypt the refresh_token stored in the session data
• Removed jquery_update dependency
• Changed admin settings menu path

Fixed XSRF issue which potentially allowed malicious users to craft a link which could change the order of a node's children if accidentally visited by a site admin. See SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery - CSRF

Note, to get the fully packaged version of Drupal Commons, download Commons from Acquia.com as the Drupal.org release contains only the Commons feature modules and does not contain Drupal core or contributed projects.

For the latest release notes an upgrade instructions, see https://docs.acquia.com/commons/whats-new.

This is the first release candidate for Simplenews 7.x-1.x that includes a large number of bugfixes including a fix for a security issue, see SA-CONTRIB-2012-095 - Simplenews - Information Disclosure for details.

Changes since 7.x-1.0-beta2: