SA-CONTRIB-2010-017 by iva2k: remove XSS vulnerability in file names
Fixed malicious system command insertion.
Correctly advises administrators about the PHP access they are giving to users with "import nodes" permission.
Menu Breadcrumb menu title XSS (cross-site scripting) issue on admin page fix
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe by email, log in, go to your user profile page, and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get RSS feeds for core, contrib, or public service announcements, or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.