Security update

This release contains no changes to 7.x-1.1, other than those necessary to resolve the security vulnerability SA-CONTRIB-2019-080.

Other changes had previously been made to the 7.x-1.x branch. Those were not yet tested and ready to include in a stable tagged release. So, those other changes have been temporarily rolled back to enable the prompt creation of this security release.

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal core - Critical - Third-party library - SA-CORE-2021-001

No other fixes are included.

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

• Drupal core - Critical - Third-party library - SA-CORE-2021-001

No other fixes are included.

The "This went surprisingly well" release

The initial release contained a bug where complex trees would sometimes grant permissions to not only the designated target group, but also the target's siblings. This has been fixed and a simple cache rebuild will make sure everything is working as intended. If you had simple parent-child relationships set up, you were likely unaffected. But it's advisable to upgrade nonetheless.

Not too bad considering we went straight to a full release.