See SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting (XSS)
See EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089
First beta release of the 3.x branch, release notes on http://community.aegirproject.org/3.0-beta1
Previously, Aegir stored SSL cipher and protocol settings per site in Nginx virtualhost configuration files. This included enabling SSLv3, which is vulnerable to POODLE attacks.
See Linear Case - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-084
Changes since 7.x-1.2:
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe by email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get RSS feeds for core, contrib, or public service announcements, or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.