g2 6.x-1.0

Security update

This is the first stable version of G2 for Drupal 6.x.

It includes several security fixes over the pre-release -dev version, as well as a new XML-RPC client demo.

However, the -dev branch is quite stable and should be preferred in most cases.

rootcandy 6.x-1.5

Security update

The theme fails to sanitize a value in the url, leading to a Cross Site Scripting (XSS) vulnerability.

zen 6.x-1.1

Security update
New features
Bug fixes

See SA-CONTRIB-2012-081 - Zen - Cross Site Scripting.

  • #478134 by mithrill: Improve docs about sites/all/themes and sites/default/themes folders
  • #600758 by mattyoung: Secondary links run together in one line with primary links
  • #600344 by mgifford: Use of absolute font size in block editing links breaks WCAG 2.0
  • #546904 by Jennifer_M: List $node as available variable in page.tpl.php
  • #583716 by droidenator: Empty title can cause breadcrumbs to display incorrectly
  • #600920 by kto.3decb: Fix incorrect comment block class name
  • #297084: Remove ctype_lower() from zen_id_safe() to prevent WSOD/Fatal error on some systems
  • #317417 by JohnAlbin and quicksketch: Fix off-line maintenance page since drupal_get_path('theme', 'zen') won't work
  • #545320 by Deslack: Use of split() generate E_DEPRECATED warnings on PHP 5.3.0

userprotect 6.x-1.3

Security update
New features
Bug fixes

Changes since DRUPAL-6--1-2:

userprotect 5.x-1.4

Security update
Bug fixes

Changes since DRUPAL-5--1-3:

  • #223428 by hunmonk: add pager to protected user/admin bypass tables.
  • #368722 by dboulet, cedarm: Fix warning when no User protection defaults are enabled.
  • #516206 by cedarm: userprotect_administrator_bypass_defaults() should return keyed array.
  • #623162 by hunmonk: SA-CONTRIB-2009-090 - User Protect - Cross Site Request Forgery.

Pages

Subscribe with RSS Subscribe to RSS - Security update