menu_access 6.x-1.9

Git tag 6.x-1.9
Security update

This releases fixes DRUPAL-SA-CONTRIB-2011-019.

This release also includes:
* 612882 - menu settings permissions error - sinasquax
* 822026 - User level access rights not overriding - webternals
* 618828 - editing a menu item shows all menus and it shouldn't - Taran2l
* - removing netbeans project files -Yuck
* 718378 - Adding dynamic security block for all menus - greenbeans

nodereference_url 7.x-1.10

Git tag 7.x-1.10
Security update

The 1.10 release of Node Reference URL Widget corrects an XSS security hole. All previous versions of Node Reference URL Widget would not sanitize the node title when displaying the referenced node. Upgrading is recommended for all users.

See SA-CONTRIB-2011-018 - Node Reference URL Widget - Cross Site Scripting

nodereference_url 6.x-1.10

Git tag 6.x-1.10
Security update

The 1.10 release of Node Reference URL Widget corrects an XSS security hole. All previous versions of Node Reference URL Widget would not sanitize the node title when displaying the referenced node. Upgrading is recommended for all users.

See SA-CONTRIB-2011-018 - Node Reference URL Widget - Cross Site Scripting

media 7.x-1.0-beta4

Git tag 7.x-1.0-beta4
Security update
Bug fixes
Insecure

This release fixes several bugs and also contains a security fix.

This release contains a security update to properly munge filenames to protect against exploits on some server configurations. The Media module is still in beta (and therefore not recommended for use on production sites), but if you are using it on a production site you should update to this version to take advantage of the security fixes.

Changes of note:
Issue #1106922: Cleaned up files and directories, moved includes and asset folders
Issue #866572: Show confirmation dialog when switching between view modes in admin media browser that selections will be lost
Issue #1031910 by effulgentsia: Do not allow temporary files to be selected
Issue #1070974 by DamienMcKenna: Additional helptext for input filters if wysiwyg module is enabled
Issue #1070708 by ngmaloney: Validate that content inside media [[ tags is actually json.
Issue #1015580 by Jacob Singh, Damien Tourand: Initialize media types on install and pprovide a batch op
#1049446: Sets the default behavior for media dialogs to the admin_theme
#1049446: Provide a settings for for general media browser settings and rename dialog_theme variable
#1046290 by duckofdeath: add t() to confirm check in import validate.
#1038936 by mfb: Allow rb mode for stream wrapper

save_draft 7.x-1.4

Git tag 7.x-1.4
Security update

Fixes security vulnerability in which node validation was being bypassed (SA-CONTRIB-2011-017).
Adds test coverage.
#1126292: Wording changes

save_draft 6.x-1.8

Git tag 6.x-1.8
Security update

Fixes security vulnerability in which node validation was being bypassed (SA-CONTRIB-2011-017).
Adds test coverage.
#1126292: Wording changes

Pages

Subscribe with RSS Subscribe to RSS - Security update