bot_alarm 6.x-1.2

Security update

Fix for SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities

Vulnerability: Cross Site Scripting

The module does not properly escape the message and channels of alarms in pages listing the alarms, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission 'administer bot'.

Vulnerability: Cross Site Request Forgery

tvi 6.x-1.2

Security update
New features
Bug fixes
Insecure

Applying patches for #769858, #856326, 1096012, 1254092

SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting

protected_node 6.x-1.6

Security update
New features
Bug fixes

This release includes a fix for SA-CONTRIB-2012-101 - Protected Node - Access Bypass.
Note: many of the following bugs, fixes, etc. are intermediary (i.e. between different development stages); I keep them here for reference.

* Issue #1179048: Password fields should be mandatory by eL: global passwords must be ignored if the node was created by the anonymous user.
* Issue #1179048: Password fields should be mandatory from eL: Password fields should be mandatory -- especially for anonymous users.
* Issue #1179048: Password fields should be mandatory by eL: Password fields should be mandatory.
* Issue #1137526: No password for viewing but a password for editing by eL and AlexisWilke:
** Select status of the protected node field set when editing the node.
** Select whether a node is always protected, is protected by default, or never protected.
** "Security fix": avoid saving the global password in clear (this was in one of the alpha versions and not considered as a security issue by the Drupal security team).
** Added information about the hook_protected_node_hide() callback.
** Fixed the INSERT to include the protected node hint field.
** Added some missing documentation.
** Added support for a node type wide password.
* Issue #1159948: edit properties uses insert instead of update by ferrum: edit properties uses insert instead of update when password is empty.
* Fixed syntax errors in comments and strings, removed useless comments.
* Issue #1159964: autoincrement nid field by ferrum: autoincrement nid field (replaced by simple int).

forward 6.x-1.20

Security update
Insecure

Check to ensure that the page being forwarded refers to an internal path. This prevents someone from hard coding a forward link to an unscrupulous external site.
