Install
Works with Drupal: 7.xUsing Composer to manage Drupal site dependencies
Downloads
Download tar.gz
129.66 KB
MD5: a32a70aa0925aeba38427223ab88f136
SHA-1: 0b597befc333313ec806a3603931ce9981187d58
SHA-256: cc3df450a1eed7b2e2ea20b5cd8f257b5a5baf09654524f34af4e6f64cb1c9fe
Download zip
164.62 KB
MD5: c992553587939dba86bc65712a0b63ed
SHA-1: 5ec34636302f3ec4b9704e40d136bda027a8a8e4
SHA-256: da4de40a0e5135520b021428327e940649a852bf26cac6ff9bfc058f91528739
Release notes
See also SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
This is a security release, containing an important security fix. Users of the project are strongly encouraged to update to this version as soon as possible.
If you are using an older version, incorrectly escaped error messages might lead to your site being vulnerable to an XSS attack. Note, however, that this can only happen if you have some advanced search mechanism, like a view with exposed sorts or use the old (deprecated) Facets module.
As announced in the RC1 release notes, this release also removes the old Facets module, in the future only the Facet API integration is supported.
Complete list of changes:
- Fixed escaping of error messages.
- #1330506 by drunken monkey: Removed the old Facets module.
- #1504318 by peximo: Fixed Views pager offset.
- #1141488 by moonray, drunken monkey: Added option to use multiple values with contextual filters.
- #1535726 by bojanz, joelpittet: Fixed arguments for
$service->configurationFormValidate()for empty forms. - #1400882 by mh86: Fixed "Index hierarchy" for "All parents".
Security update
New features
Bug fixes
Insecure
