Security update

SA-CONTRIB-2012-028 - Hierarchical Select - Cross Site Scripting (XSS)

Changes since 6.x-3.7:

• Improve vocabulary help text.
• Fixed #1134838: Missing include breaks Features
• Fixed #778472: Multiple select taxonomy vocabulary doesn't work anymore

SA-CONTRIB-2012-024 - MediaFront - Cross Site Scripting

- Fixes some minor vulnerabilities within the stand alone PHP application for the OSM Player.
- Fixes some display issues.
- Upgrade the media player to the latest version.
- Introduce the minPlayer.

SA-CONTRIB-2012-024 - MediaFront - Cross Site Scripting

- Fixes some vulnerabilities within the stand alone PHP application for the OSM Player.
- Fixes some display issues.
- Upgrade the media player to the latest version.

This release fixes an access bypass vulnerability (previously it was checking for "access content" rather than "access ZipCart downloads" permission). See SA-CONTRIB-2012-026 - ZipCart - Access bypass

Also includes some minor other bugfixes and improvements.

The second beta release fixes an import security issue and a number of other important bugfixes, including integration with the new Mail theme setting from the Mailsystem module which allows to configure which theme should be used for simplenews newsletter templates. Additionally, this release provides the possibility to group multiple newsletter confirmations into a single mail.

Upgrading to this version is strongly recommened.

Changes since 7.x-1.0-beta1:

Note, this release contains a fix for the security vulnerability DRUPAL-SA-CONTRIB-2012-023 and upgrading is recommended.

Changes since 7.x-1.0-rc1: