7.x

check_plain() and check_markup() is added to page--front.tpl.php to avoid XSS.

SA-CONTRIB-2013-029 - Business theme - Cross Site Scripting (XSS)

• #1698162: Support non-default session storage
• #1707862: Allow for message.callback to be a list

This release candidate contained a critical bug, #1730168: Tags vocabulary and roles not created on install. Please update directly to RC4 rather than using this release candidate.

Important: RC3 introduces a new dependency, the Apps compatible module. Before updating, make sure you have logged in with a site administrator account (a user with the user permission administer software updates or the account you created during installation). Immediately after updating, you will need to run the update script as an admin user at http://example.org/update.php (replace example.com with your domain name). See documentation on updating from one minor version to another.

The new release includes some significant fixes to a number of issues reported after the switch to using apps at the last release. Thanks to all of you who are posting issues on the drupal.org issue queue for Open Outreach as that really helps us improve the distribution.

Nedjo has also tackled some major re-factoring of how roles are generated in all of the Debut features. To do so, he has created a new helper module--Apps compatible--and deprecated Debut.

Fixed issue #1723050: Theme settings broken by default adaptive settings which has significant impacts on the Open Outreach distribution for which Granada is created.

Mainly contains a bug fix for #1721878: "Change Layout" button in Panels IPE is busted. $critical_bugs--;

This release: