wordpress_import 6.x-2.1

Security update
Bug fixes
  • Fix access security issue.
  • #693220, 714492: Implement a simple check to verify whether the WXR file is parsed completely by XMLReader; otherwise assume XML errors. Produce a helpful error message and document possible causes/solutions in README.
  • Fix password-protected count on results page.
  • #713384 by willmoy: add array check in user creation process.

heartbeat 6.x-4.9

Security update
New features
Bug fixes
Insecure

- Refactored heartbeat comments and shouts to sanitize the user input.
When shouts are displayed, the content is now sanitized with filter_xss
to filter the user input.
Actions:
- Upgraded heartbeat.install so the default allowed tags are more secure.
There is a left-over img attack, but the code where this filtering is done
is managed by a higher-level permission. Before heartbeat messages,
heartbeat comments (and shouts) were sanitized with this tags match. It is
