SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
This release of Webform 4.x fixes a large number of bugs and addresses an XSS security vulnerability. Beta2 introduces a new feature to preview submissions before submitting them in multipage forms. Upgrading is recommended for all users of Webform 4.x.
This release of FileField fixes an access bypass issue that may allow a private file to be reused from a revision when a user did not have access to that revision. No other significant changes were made in this release and upgrading is recommended for all FileField installations.
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.