In order to respond to a minor access bypass security issues (#2055139) some new entity-level access checks were introduced in 7.x-1.1. These checks affect XML requests for gallery data when the Juicebox field formatter is being used. This XML data is what the Juicebox javascript uses to render each gallery and is only available via a request that's separate from the Drupal page that contains the gallery.
These new access checks will only warrant configuration attention for galleries that are attached to less common entity types (entities other than nodes or users). Native support for nodes and users is already included.
So if you are using the field formatter to attach a Juicebox gallery to a special type of entity, you may now encounter "Juicebox XML errors" when the gallery is being displayed. The specific configuration needed to fix this depends on what kind of entity you are using:
- For other core entities that are fieldable (comments, taxonomy terms, etc.) you can simply install the Entity API module. Juicebox will automatically detect that this module is installed and will then leverage the special access check methods it introduces when delivering the Juicebox XML.
- For custom (non-core) entity types you need to install the Entity API module and ensure that an access callback is defined for the custom entity type (see the Entity API documentation for more info on access callbacks). Many custom entity types defined via other Drupal contrib modules will hopefully declare an access callback already.
