Security update

Changes since 6.x-1.14:

Please download Drupal Commons from Acquia.com as the current Drupal.org tarball is not fully packaged.

Drupal Commons 2.6 contains product enhancements and security updates. Users are strongly encouraged to apply this security update.

Version announcements

Drupal Core updated

bug fixes
For more details see SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS)

Bug fixes
For more details see SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS)

See the Security Advisory SA-CONTRIB-2012-054 - Chaos tool suite - Cross Site Scripting (XSS) for details.

Changes since 7.x-1.0-rc2:

Fix for SA-CONTRIB-2012-053 - Organic Groups - Access Bypass

Highlights

• Tweaks to the OG Subscription workflow to better respect the difference between Open and Moderated group subscription. Also, themable with theme_og_subscribe_link()!
• New Views handlers: Filtering users by group, filter and sort by group description.
• Performance enhancement for sites using Spaces, or other modules that help determine group context.

Changelog

• API defaults improvement.
• #1412678 by drumm | xjm: Fixed User profile items should be user_profile_item().
• #1468422 by krueschi: Fixed Typo in README.txt.
• #1055508 by Grayside: Added Better UI for Moderated Group Pending Membership.
• #1264752 by hefox: Added Use db_rewrite_sql() on user listing queries.
• #1432016 by goron: Added Make og_subscribe_link() themable.
• #1288184: Correct syntax errors in action add member watchdog.
• #1051258 by mikestefff: Add form widget labels to the 'add subscription' form.