| Download | Size | md5 hash |
|---|---|---|
| filedepot-6.x-1.2.tar.gz | 139.81 KB | 36cfe7634968ce7ad0ebeeb0a9961b82 |
| filedepot-6.x-1.2.zip | 170.58 KB | 0b26e6ddb14ac38400f462be72bfe929 |

Release notes
A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. Filedepot uses the YUI uploader and libraries, version 2.7.0. All the libraries are loaded from a CDN by default, but the uploader is loaded locally.
Reference: http://yuilibrary.com/support/2.8.2/
In addition, changes have been made to support the removal of all non-pure-GPL libraries from the module, as per Drupal project guidelines. A few libraries that were included in the project, such as YUI and a jQuery plugin, have now been removed. The module now has a dependency on the Libraries module. How to install the required libraries is documented in README.txt.
Note about this Security Update without a corresponding Security Advisory
The responsibility to update 3rd party libraries is on Drupal site builders and falls outside of the responsibility of the Drupal Security Team. This release has been tagged security update to let site builders know they need to do something but there will not be an SA.