Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
No other fixes are included.
Maintenance and security release of the Drupal 6 series.
Only minor documentation fixes are included on top of the security fix.
SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
- Security fix; prevent cross site scripting attacks which appear in release 7.x-1.2 and 7.x-1.3
- Issue #2074087: fix form validation error on name column
- Issue #2014249: Fix php notice: undefined property.
SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)
This releases addresses a security permission issue from PSA-2014-001.
Changes since 7.x-1.3:
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.