webform 7.x-3.22

Git tag 7.x-3.22
Security update
Insecure

This release of 7.x-3.x fixes one security issue. Updating is strongly recommended for all users of the 7.x-3.x branch. See SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform is made available as a block, the node's title is used as the default block title. This title is not sufficiently sanitized, leading to a Cross Site Scripting (XSS) vulnerability.

webform 6.x-3.22

Git tag 6.x-3.22
Security update
Insecure

This release of 6.x-3.x fixes one security issue. Updating is strongly recommended for all Drupal 6 webform users.
See SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform is made available as a block, the node's title is used as the default block title. This title is not sufficiently sanitized, leading to a Cross Site Scripting (XSS) vulnerability.

services_basic_auth 7.x-1.3

Git tag 7.x-1.3
Security update
Bug fixes

See SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass

Changes since 7.x-1.1:

entityqueue 7.x-1.0-rc1

Git tag 7.x-1.0-rc1
Security update
Bug fixes
New features

Summary of changes since 7.x-1.0-alpha3

Fixes minor security issue #2442875: Displays labels of entities user doesn't have access to. Does not fix known issue #2383903: Cannot save queues with entities user doesn't have access to.

Multiple bug fixes. New features include:

uc_coupon 6.x-1.8

Git tag 6.x-1.8
Security update

See SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting (XSS)

simple_subscription 7.x-1.1

Git tag 7.x-1.1
Security update

Fixes SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting (XSS)

Pages

Subscribe with RSS Subscribe to RSS - Security update