Security update

In some cases versions prior to 5.x-1.9/6.x-alpha2 did not properly sanitize user input, leading to a SQL Injection (SQL Injection) vulnerability. Such an attack may lead to a malicious user gaining full administrative access. Please upgrade to this version.

In some cases versions prior to 5.x-1.9/6.x-alpha2 did not properly sanitize user input, leading to a SQL Injection (SQL Injection) vulnerability. Such an attack may lead to a malicious user gaining full administrative access. Please upgrade to this version.

SA-CONTRIB-2009-109 - Printfriendly - Cross Site Scripting

2009-11-18
The following bugs have been fixed since Ubercart 6.x-2.0 (-r 2001..2015), including two security updates outlined in SA-CONTRIB-2009-107:

• #610664 by Island Usurper: fix the country_id column in uc_countries to be an integer without auto_increment.
• #609444 by Island Usurper: Make countries that don't have different names work for USPS again.
• #611044 by Carsten Müller: Avoid conflict with date_order().
• #613498 by Island Usurper: Let product features affect product shippability correctly.
• #622998 by FiNeX: supply a missing t() in an order pane.
• #622998 by FiNeX: supply a missing t() in an order pane (again).
• Updating the version number for the next release.
• #618932 by Island Usurper: Remove predicate locking entirely.
• u#14100 by Lyle: Allow product nodes to have titles with 255 characters.

The following bugs have been fixed, including two security updates outlined in SA-CONTRIB-2009-107.

SA-CONTRIB-2009-108 - Gallery Assist - Cross Site Scripting