For full release notes and upgrade instructions, please see http://docs.acquia.com/commons.
Drupal Commons 3.5 (Drupal 7.24 core) contains the following features and updates:
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
No other fixes are included.
Maintenance and security release of the Drupal 6 series.
Changes since 7.x-1.0:
SA-CONTRIB-2013-096 - Entity reference - Access bypass
Changes since 7.x-2.3:
DRUPAL-SA-CONTRIB-2013-095 - Organic Groups - Access bypass
SA - CONTRIB-2013-094 - EU Cookie Compliance - XSS vulnerability and unsafe deletion of variables in hook_uninstall
Small changes to templates and css:
2086667 - jquery 1.9.1 stops the popup from working
1732928 - Provide a design that would work with all screen resolutions
In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
If you are a Drupal developer, please read the handbook section on Writing secure code.
Drupal is a registered trademark of Dries Buytaert.