See the full release notes at: http://docs.aegirproject.org/en/3.x/release-notes/3.7/
Fixes Hosting - Less Critical -Access bypass - SA-CONTRIB-2016-046
See Require Login - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2016-045
Changes Since 7.x-2.3:
See Piwik - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-043
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.