Projects / Drupal / Releases / stable security

RSS All releases tagged stable security

  •  18 Apr 2014 23:55

Release Notes: When pages are cached for anonymous users (either by Drupal or by an external system), the form state may leak between anonymous users. As a consequence, there is a chance that interim form input recorded for one anonymous user (which may include sensitive or private information, depending on the nature of the form) will be disclosed to other users interacting with the same form at the same time. This especially affects multi-step Ajax forms because the window of opportunity (i.e., the time span between user input and final form submission) is indeterminable. This release fixes this.

  •  02 Feb 2012 05:09

Release Notes: This release fixes an XSRF vulnerability in the Aggregator module, verifies signed attributes in SREG and AX for OpenID, and fixes an access bypass in the File module.

  •  02 Feb 2012 05:08

Release Notes: This release fixes an XSRF vulnerability in the Aggregator module and verification of signed attributes in SREG and AX for OpenID.

Screenshot

Project Spotlight

NetStats Baseball

A simulation of major league baseball.

Screenshot

Project Spotlight

Fosfat

A library and a tool for a read-only access on a Smaky disk.