Dear all,
I have a simple question for you. I have 3 security update notification in my Managing News: one is Drupal core, and the others are Spaces and Views modules. Can I proceed normally with these updates or is there some special dependency check for Managing News?

Thank you very much,

Andrea

Comments

juliangb’s picture

Subscribe.

So far I've updated modules needing a security update manually - but it would be good to have an updated package available that doesn't ship with security flaws.

xurizaemon’s picture

Title: Managing News and Drupal upgrade » Apply security fixes for Drupal core, Views, Spaces to Managing News package at http://www.managingnews.com/
Component: Miscellaneous » Code
Category: support » task
Status: Active » Needs work

The Managing News 1.2 package at http://www.managingnews.com/ contains versions of Drupal Core, Spaces and Views which have the following security fixes pending.

* SA-CORE-2011-001 - Drupal Core - Multiple vulnerabilities
* SA-CONTRIB-2010-111 - Views - Cross Site Scripting
* SA-CONTRIB-2011-012 - Spaces - Access bypass

There are also (currently) updates available for CTools, Features, Feeds, ImageAPI, ImageCache, jQuery UI, Libraries API, OpenLayers.

We have tested upgrade of a Managing News install via drush pm-update and it appears to upgrade correctly (an extra drush cc all was required after the upgrade for us). It should be possible for you to upgrade via other standard upgrade procedures too.

Will update here if any issues appear as a result of doing so.

Would be good if the release archive at the Managing News site could have the fixes applied.