Fixes possible information disclosure caused by block caching.
Field as Block - Less Critical - Information Disclosure - SA-CONTRIB-2015-161
See LABjs - Less Critical - Open Redirect - SA-CONTRIB-2015-159
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
No other fixes are included.
See jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-158
Security release to address escaping user input. Webform CiviCRM Integration - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-160.
#2303503 : fixed potential security issue that could prevent a user from logging out
Login Disable - Access Bypass - Moderately Critical - SA-CONTRIB-2015-162
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.