A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. Filedepot uses the YUI uploader and libraries, version 2.7.0. By default all the libraries are loaded from a CDN, but the uploader is loaded locally.
This release contains a security update to fix directory traversal issues, and to properly munge filenames to protect against exploits on some server configurations. The Plupload module is still in beta (and therefore not recommended for use on production sites), but if you are using it on a production site you should update to this version to take advantage of the security fixes.
The release also contains bug fixes that allow the module to work with the latest version of the Plupload library (1.4.2).
Fix stripping of PHP code when counting words.
Add function so that canceled translation jobs can be synced with those on the ICL server.
Various improvements for Drupal coding guidelines.
The module does not properly sanitize some of its output, allowing certain users to insert arbitrary HTML and script code. Such a cross-site scripting (XSS) attack may lead to a malicious user gaining full administrative access.