7.x

This resolves a critical security flaw that allows anonymous visitors, and any authenticated users who would not normally have access to edit the entity, to edit any fields that are enabled via this module. The problem is mitigated by the fact that fields must have the custom edit page specifically enabled, it is not automatic. Updating to this release is critically important to avoid a possible security breach when using this module.

SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass

This release focuses on improvements to the optional pubcookiesiteaccess module.

The only changes in the pubcookie module in this release are to fix a bug where the default value of pubcookie_id_is_email was not consistent (it is now 1 throughout) and to support the new features of pubcookiesiteaccess module.

The bundled pubcookiesiteaccess module allows you to maintain a whitelist of usernames who may log into your site.

Small release. Fixes a PHP error which happens while running cron: #2267477: Fatal error: Can't use function return value in write context

Updating output and code style.

SA-CONTRIB-2014-052 - AddressField Tokens - Cross Site Scripting (XSS)

Development snapshot for Dynamic Autocomplete Path

- [new] a custom refresh command for when the cart form is updated, so that it can do further things, like hiding current messages and scrolling to where the new messages are.
- [bug] work better for when the cart form failed validation as was not submitted so that error classes are shown on the proper form elements