SA-CONTRIB-2015-037 - Node Title disclosure on 403 Not Found page
See SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting (XSS).
See SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
See SA-CONTRIB-2015-032 - Node Invite - Multiple vulnerabilities
See SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
This release include only the fix for the security issue :
SA-CONTRIB-2015-031 - GD Infinite Scroll - Multiple vulnerabilites
There's no need to run update.php.
The cache_menu needs to be flushed.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.