InsertNode 5.x-1.2

Git tag 5.x-1.2
Security update

* Fixed a couple of security problems (Possibility of XSS attacks because of unfiltered data being used in the filter.)

commentreference 6.x-1.3

Git tag 6.x-1.3
Security update

.

ldap_integration 5.x-1.5

Git tag 5.x-1.5
Security update

This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.

ldap_integration 6.x-1.0-beta2

Git tag 6.x-1.0-beta2
Security update

This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.

ShindigIntegrator 6.x-2.1

Git tag 6.x-2.1
Security update

XSS and CSRF issue fixes

workflow 5.x-2.4

Git tag 5.x-2.4
Security update
Insecure

Prevent users with 'administer workflow' permission from using workflow and state names containing XSS.

Pages

Subscribe with RSS Subscribe to RSS - Security update