See Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148
RESTful - Moderately Critical - Access bypass - SA-CONTRIB-2015-147
67a32c0 by Mateu Aguiló Bosch
Prevent page cache poisoning when using authentication providers
that are not session cookie based.
See RESTful - Moderately Critical - Access bypass - SA-CONTRIB-2015-147.
Fieldable Panels Panes - Less Critical - Access bypass - SA-CONTRIB-2015-145
This includes a single change and is a recommended update for all sites using the module:
Changes since 7.x-1.0:
See Zendesk Feedback Tab - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-143.
See Mass Contact - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-144
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get RSS feeds for core, contrib, or public service announcements, or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.