Fixes an Open Redirect vulnerability. See Chamilo integration - Less Critical - Open Redirect - SA-CONTRIB-2015-115
No database updates required, please update immediately!
Version 1.8 is a security release of Storage API. It addresses the security issue that allowed a user to bypass access checks if the field is attached to any entity other than a node.
The details for this security issue is published under Storage API - Moderately Critical - Access Bypass - SA-CONTRIB-2015-114
Fixed a security issue in the protection of the files directory for multi-site on Apache.
Full release notes on http://community.aegirproject.org/2.4
Second beta release of the 3.x branch.
Fixed a security issue in the protection of the files directory for multi-site.
Full release notes on http://community.aegirproject.org/3.0-beta2
Shipwire - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.