Downloads

Download tar.gz 139.81 KB
MD5: 36cfe7634968ce7ad0ebeeb0a9961b82
SHA-1: db9aed9eef5e5abff4bdeb198630a8c05ded48d1
SHA-256: 6054af53b57231c44e1d6761671212553a8f48a49d2d75fe64bfe941b20ea780
Download zip 170.58 KB
MD5: 0b26e6ddb14ac38400f462be72bfe929
SHA-1: ca86327e7da91e72880cfbe08323cdec6e7d458f
SHA-256: b72960e77dc682828b502334e80a747eb5ec21d6044f62402469e63e35909f0c

Release notes

A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. The filedepot uses the YUI uploader and libraries - version 2.7.0 all the libraries are by default loaded from a CDN but the uploader is loaded locally.

Reference: http://yuilibrary.com/support/2.8.2/

In addition, changes have been made to support the removal of all non pure GPL libraries from the module as per drupal project guidelines. There were a few libraries like YUI and a jQuery plugin that were included in project which are now removed. The module now has a dependancy on the libraries module. How to install the required libraries documemented in the README.txt

Note about this Security Update without a corresponding Security Advisory

The responsibility to update 3rd party libraries is on Drupal site builders and falls outside of the responsibility of the Drupal Security Team. This release has been tagged security update to let site builders know they need to do something but there will not be an SA.

Created by: blainelang
Created on: 12 Apr 2011 at 19:37 UTC
Last updated: 1 Aug 2018 at 23:20 UTC
Security update
Insecure
Unsupported

Other releases