Install
Works with Drupal: 7.xUsing Composer to manage Drupal site dependencies
Downloads
Download tar.gz
49.62 KB
MD5: bb819eefdd0bee503c4713dad659b6ab
SHA-1: 1cf4899fe6fe7abe7c419d9646ce3406afb99a9b
SHA-256: fa32da80c7473ba743496f936b176f97374d154a6c53ac5ef75c543a9898d761
Download zip
56.05 KB
MD5: fe29690a3cb57b0e62ce1f1ebe144352
SHA-1: 8e22f60a3854cf98e22fc4ba91bf5c3cc9b1b4a5
SHA-256: a62d054b893e7ca9677ecb65fff721505827f62a76139088179497bf92fd9b7f
Release notes
This release contains an important security fix. Users of the module are strongly encouraged to update to this version as soon as possible.
If you are using an older version, incorrectly escaped error messages might lead to your site being vulnerable to an XSS attack. Note, however, that this can only occur if you somehow allow users to specify the used internal field identifiers (e.g., through Views exposed sorts or the old (deprecated) Search API Facets module).
Complete list of changes:
- Fixed escaping of error messages.
- #1480170 by kotnik: Fixed return value of hook_requirements().
- #1500210 by ezra-g, acrollet, jsacksick: Fixed errors when installing with non-default installation profiles.
- #1444432 by Damien Tournoud, jsacksick: Added field-level boosting.
- #1302406 by Steven Jones: Fixed autoload problem during installation.
- #1340244 by drunken monkey, alanomaly: Added more helpful error messages.