node_embed 7.x-1.0

Git tag 7.x-1.0
Security update
Bug fixes
Insecure

SA-CONTRIB-2012-093 - Node Embed - Access Bypass
Security update to add permission to node list used in CKEditor and #1481526: Suppress Administration Menu module's toolbar in the Node Embed popup

protest 7.x-1.2

Git tag 7.x-1.2
Security update

SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS).

protest 6.x-1.2

Git tag 6.x-1.2
Security update

SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS).

maestro 7.x-1.2

Git tag 7.x-1.2
Security update
Insecure

Fixed security related issues that could allow a XSS or CSRF attack and potentially allow someone to post a link that an maestro admin clicks on and deletes workflow related data. Added token support to all forms and AJAX actions to secure all forms and admin/user actions. See SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS) for more details.

Additional fixes and changes from previous commits to the dev branch include:

lang_dropdown 7.x-1.4

Git tag 7.x-1.4
Security update
Bug fixes

Changes since 7.x-1.3:

amadou 6.x-1.3

Git tag 6.x-1.3
Security update

See SA-CONTRIB-2012-086 - Amadou - Cross Site Scripting.

An XSS vulnerability was identified in Amadou theme's themes_links() function in the template.php file, which was fixed in the theme_links() function in Drupal 6.3 as noted in (SA-2008-044 http://drupal.org/node/280571).

This release fixes that security issue and should be applied to all Drupal 6 websites running Amadou theme.

The current 6.x-1.x-dev release also contains this fix.

Pages

Subscribe with RSS Subscribe to RSS - Security update