This release fixes a security issue.
If you use the media module version 7.x-2.0-beta8, 7.x-2.0-beta9, 7.x-2.0-beta10 or 7.x-2.0-beta11 for Drupal 7.x, upgrade to 7.x-2.0-beta12 immediately.
One line of code was updated, for more details: https://www.drupal.org/commitlog/commit/698/197a7ec277ddf115a0a85c2613b5...
Bug fixes:#2828768: JS.snakeCaseObject() can break objects
Fixes Elysia Cron - Critical - Arbitrary PHP code execution - SA-CONTRIB-2016-062
CSRF security fix - see SA-CONTRIB-2016-056
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.