Fixes SA-CONTRIB-2014-070 - Password Policy - Access Bypass
Other changes since 7.x-1.8:
SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS)
Fixes for a couple of security issues:
#103928 - Failure to unset the auth role for users with pre-auth role on 404 pages. #106048 - XSS vulnerability in Unified Login form.
Fixes Node View Permissions - Moderately critical - Access Bypass - SA-CONTRIB-2018-002
Bug fix: #2039529: Anonymous users can see unpublished content
Fixes SA-CONTRIB-2014-068 - Pane - XSS
Fixes redirector abuse and XSS vulnerabilities in path-based meta tag admin pages DRUPAL-SA-CONTRIB-2014-067
SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass/ Issue #2295617: When enabled all unpublished nodes can be accessed by anonymous users: Accessible unpublished nodes fixed.