Changes since 6.x-1.0
See HSTS module - moderately critical - Logical Error - SA-CONTRIB-2015-118
Changes since 7.x-1.1
See HSTS module - moderately critical - Logical Error - SA-CONTRIB-2015-118.
See Acquia Cloud Site Factory Connector - Less Critical - Open Redirect - SA-CONTRIB-2015-125
This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.
Changes since 7.x-2.0-alpha8:
See Dynamic display block - Less Critical - Access bypass - SA-CONTRIB-2015-104
Fix database queries DDblock Drupal 6
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.