filedepot 6.x-1.3

Git tag 6.x-1.3
Security update

See SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability.

This release addresses a SESSION control issue that caused IE browser users to switch users if they had multiple sessions open with different browsers on the same desktop.

search_api_solr 7.x-1.0-rc2

Git tag 7.x-1.0-rc2
Security update
Insecure

This release contains an important security fix. Users of the module are strongly encouraged to update to this version as soon as possible.
If you are using an older version, incorrectly escaped error messages might lead to your site being vulnerable to an XSS attack. Note, however, that this can only occur if you somehow allow users to specify the used internal field identifiers (e.g., through Views exposed sorts or the old (deprecated) Search API Facets module).

search_api_multi 7.x-1.0-beta3

Git tag 7.x-1.0-beta3
Security update

This release contains only one change compared to the previous Beta 2 release: some error messages weren't properly escaped, which has now been fixed.

Since this might lead to an XSS vulnerability on your site (depending on the rest of your search setup), it is strongly recommended that you update to this new version.

search_api_db 7.x-1.0-beta3

Git tag 7.x-1.0-beta3
Security update

This release contains only one change compared to the previous Beta 2 release: some error messages weren't properly escaped, which has now been fixed.

Since this might lead to an XSS vulnerability on your site (depending on the rest of your search setup), it is strongly recommended that you update to this new version.

search_api 7.x-1.1

Git tag 7.x-1.1
Security update
New features
Bug fixes
Insecure

See also SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)

This is a security release, containing an important security fix. Users of the project are strongly encouraged to update to this version as soon as possible.
If you are using an older version, incorrectly escaped error messages might lead to your site being vulnerable to an XSS attack. Note, however, that this can only happen if you have some advanced search mechanism, like a view with exposed sorts or use the old (deprecated) Facets module.

As announced in the RC1 release notes, this release also removes the old Facets module, in the future only the Facet API integration is supported.

browserid 7.x-1.3

Git tag 7.x-1.3
Security update

See also SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities

This release resolves security issues and is recommended for everyone. It also introduces a dependency on the Session API module, which should be installed before upgrading to BrowserID 7.x-1.3 (or later).

Pages

Subscribe with RSS Subscribe to RSS - Security update