refine_by_taxo 5.x-0.1

Security update

Drupal's l/url methods would usually escape all possible insecure code. Due to an incompatibility, refine_by_taxo could no longer use them and built its own anchors without escaping the tags properly.

Anyone who creates tags with the core taxonomy module could potentially inject arbitrary HTML and script code into your site when you use refine_by_taxo to display these tags. Note that core taxonomy has no issues; it's only the display part in refine_by_taxo that did not properly escape the output.

This is now fixed in HEAD and DRUPAL-5.

drupal 6.1

Security update
Bug fixes
Insecure

The first maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement:

project_issue 5.x-2.0

Security update
New features
Bug fixes
Insecure

This is the first official release of the 5.x-2.* series. The major new feature here is that issue followups now use core comments, instead of the previous special-case pseudo comments. This means that project_issue now depends on comment.module, upload.module (for file attachments to the initial issue post), and comment_upload.module (for file attachments to followup comments).

This release requires Drupal 5.2 or greater.

Users of the 5.x-2.x-dev release should upgrade to this version immediately, since it fixes some critical security flaws:

project_issue 5.x-1.3

Security update
Bug fixes

This release fixes the following critical security vulnerabilities from 5.x-1.2 and earlier:

  • #216062: SA-2008-012 -- XSS vulnerability in comment summary tables.
  • #216063: SA-2008-013 -- Arbitrary file upload.

project_issue 4.7.x-2.7

Security update
Bug fixes

This release fixes the following critical security vulnerabilities from 4.7.x-2.6 and earlier:

  • #216062: SA-2008-012 -- XSS vulnerability in comment summary tables.
  • #216063: SA-2008-013 -- Arbitrary file upload.

project_issue 4.7.x-1.7

Security update
Bug fixes

This release fixes the following critical security vulnerabilities from 4.7.x-1.6 and earlier:

  • #216062: SA-2008-012 -- XSS vulnerability in comment summary tables.
  • #216063: SA-2008-013 -- Arbitrary file upload.
