simplenews 6.x-2.0-alpha4

Security update
Insecure

This is a bugfix release for Simplenews 6.x-2.x that fixes a compatibility issue with Drupal 6.24 and newer and a security issue; see SA-CONTRIB-2012-095 - Simplenews - Information Disclosure for details.

Changes since 6.x-2.0-alpha3:

simplenews 6.x-1.4

Security update
Insecure

This is a maintenance release for Simplenews 6.x-1.x that includes a number of bugfixes, including a fix for a security issue; see SA-CONTRIB-2012-095 - Simplenews - Information Disclosure for details.

Changes since 6.x-1.3:

og 6.x-2.4

Security update
New features

SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass

  • #1512938 by mirzu, Grayside: Allow OG Links to be generated via API call instead of limited to calling for the full content of the Group Details Block.

uc_ajax_cart 6.x-2.1

Security update

uc_ajax_cart 6.x-2.1 is a security update and bug fix release that is compatible with the most recent versions of Ubercart (6.x-2.7 and higher). See SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID.

Security fixes:

  • Fixed information disclosure which included the user's PHP session ID in the JavaScript settings array on every page.

Important Changes:

  • Issue #1437798 by stewart.adam: remove (out of scope) stock hook.

Note that this change means that uc_ajax_cart will no longer check product stock levels, as this feature is out of scope for this module and did not function entirely correctly anyways. Users wishing to preserve this behaviour are recommended to install a module dedicated to product stock management such as uc_out_of_stock.

Bug fixes:

  • Issue #1317986 by tunic: Updating to Ubercart 6.x-2.7 breaks Ajax Cart
  • Issue #1532144 by hanoii: Support for other fields type for qty when removing items.
