Security update

The twentythird maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities have been committed. New features are only being added to the forthcoming Drupal 8.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

Add access control and flood control to prevent access bypass and CSRF vulnerabilities, plus additional minor fixes.

Add access control and flood control to prevent access bypass and CSRF vulnerabilities, plus additional minor fixes.

Fixed a XSS vulnerability: SA-CONTRIB-2012-041

See also SA-CONTRIB-2012-025 - Cool aid; Editable help messages - Multiple vulnerabilities

Issue #1403024 by danielb: Put setup js in a ready function.
Issue #1403024 by danielb: More js updates.

Drupal Commerce 1.2 represents the efforts of 25 credited contributors and many others who reported bugs and usability improvements and helped test the solutions. This release primarily improves Drupal Commerce's performance and usability while including a variety of minor bug fixes, API improvements, and a minor security fix as described in SA-CONTRIB-2012-014 - Drupal Commerce - Cross Site Scripting (XSS).

Read on for a brief description of the changes since Drupal Commerce 1.1, notes on updating from previous versions, and a full change log of commits.