Entity Registration - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-155
See Commerce Commonwealth (CBA) - Moderately Critical - Insufficient Verification of API Data - SA-CONTRIB-2015-136.
This is the sixth beta release of Authcache 2.0. This release brings one very important security fix and does not introduce anything else.
See Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135
See OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134
This new recommended release includes many different things since version 7.x-3.0:
Security Only release.
Fixed XSS bugs as identified in SA-CONTRIB-2014-008 and found in a thorough code review.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.