Official release from CVS tag: DRUPAL-6--1-6
Last updated: August 18, 2010 - 19:31View usage statistics for this release Download Size md5 hash simplenews_content_selection-6.x-1.6.tar.gz 11.97 KB d9d4cddcd76d2e8780917c9d86c5ce8a Official release from CVS tag: DRUPAL-6--1-6
Last updated: August 18, 2010 - 19:31View usage statistics for this release

- Leaving the ajax for scs_views behind
- Added possibility for default title
- Coding standards
- New theme functions
- Updated INSTALL.txt
- Theming for node output is now in front-end theme
- Bugfixes

Contains a fix for SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting.

Official release from CVS tag: DRUPAL-6--2-8
Last updated: August 11, 2010 - 23:56View usage statistics for this release Download Size md5 hash cck-6.x-2.8.tar.gz 430.27 KB b4ee90587dacefcb290f7f9bbf49ea40 Official release from CVS tag: DRUPAL-6--2-8
Last updated: August 11, 2010 - 23:56View usage statistics for this release

Fixes for content_access() and nodereference_autocomplete_access() described in SA-CONTRIB-2010-088.

Official release from CVS tag: DRUPAL-6--1-1
Last updated: August 11, 2010 - 22:31View usage statistics for this release Download Size md5 hash govdelivery-6.x-1.1.tar.gz 13.86 KB aea3ea1e130582e5f3ceeae743173b7f Official release from CVS tag: DRUPAL-6--1-1
Last updated: August 11, 2010 - 22:31View usage statistics for this release

SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting
The GovDelivery module provides integration with the GovDelivery On-Demand Mailer service, a web service for GovDelivery customers that sends messages directly based on configured account information. The module replaces the backend of SMTP library in your Drupal site with calls to the GovDelivery service, so all mail sent from your site uses the ODM service.
The module does not sanitize some of the user-supplied data before displaying it (for Drupal 6.x-1.0 only), leading to a Cross Site Scripting (XSS).

For more information see the Security Advisory at: http://drupal.org/node/880698

Official release from CVS tag: DRUPAL-5--1-5
Last updated: August 11, 2010 - 22:01View usage statistics for this release Download Size md5 hash prepopulate-5.x-1.5.tar.gz 9.3 KB bc1a06bb50ecd96ccce7efa968fd6f2f Official release from CVS tag: DRUPAL-5--1-5
Last updated: August 11, 2010 - 22:01View usage statistics for this release

SA-CONTRIB-2010-086 - Prepopulate - Access Bypass

The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form.

The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter.

See http://drupal.org/node/880696 for more information.

Official release from CVS tag: DRUPAL-6--2-0
Last updated: August 11, 2010 - 22:01View usage statistics for this release Download Size md5 hash prepopulate-6.x-2.0.tar.gz 9.66 KB f80ac762e58f70c30e4e65fea59bb6cd Official release from CVS tag: DRUPAL-6--2-0
Last updated: August 11, 2010 - 22:01View usage statistics for this release

Advisory ID: DRUPAL-SA-CONTRIB-2010-086 - PREPOPULATE ACCESS BYPASS

The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form.

The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter.

For more information see the Security Advisory at http://drupal.org/node/880696

Official release from CVS tag: DRUPAL-5-23
Last updated: August 11, 2010 - 20:46View usage statistics for this release Download Size md5 hash drupal-5.23.tar.gz 750.26 KB 562f3dde93657130d14405b99ac6a672 Official release from CVS tag: DRUPAL-5-23
Last updated: August 11, 2010 - 20:46View usage statistics for this release

The twenty-third maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2010-02 - Drupal Core - Multiple vulnerabilities

Drupal 5 will no longer be maintained when Drupal 7 is released. Upgrading to Drupal 6 is recommended.

Official release from CVS tag: DRUPAL-6-18
Last updated: August 11, 2010 - 20:26View usage statistics for this release Download Size md5 hash drupal-6.18.tar.gz 1.04 MB 313b0f1d8a08b74ee6269cee250bd45d Official release from CVS tag: DRUPAL-6-18
Last updated: August 11, 2010 - 20:26View usage statistics for this release

The eighteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2010-002 - Drupal Core - Multiple vulnerabilities

No other fixes are included. For additional bugfixes, see Drupal 6.19 released alongside Drupal 6.18.

Official release from CVS tag: DRUPAL-5--1-4
Last updated: August 11, 2010 - 20:16View usage statistics for this release Download Size md5 hash openid-5.x-1.4.tar.gz 18.59 KB 4f7aa32fecfd4573da6da85ca749404c Official release from CVS tag: DRUPAL-5--1-4
Last updated: August 11, 2010 - 20:16View usage statistics for this release

Contains fixes for SA-CONTRIB-2010-084 - OpenID - Authentication bypass

Important: A bug in this release causes the update to malfunction. Do not install this version, but use 5.x-1.5 instead.

5.x-1.5 also contains an update for those users who had the misfortune to update to 5.x-1.4.

I apologize for the trouble I've caused to you.

Official release from CVS tag: DRUPAL-6--2-0-ALPHA2
Last updated: August 11, 2010 - 19:51View usage statistics for this release Download Size md5 hash pathauto-6.x-2.0-alpha2.tar.gz 125.79 KB c73ec416aeca4aa828cbab2a7da6c720 Official release from CVS tag: DRUPAL-6--2-0-ALPHA2
Last updated: August 11, 2010 - 19:51View usage statistics for this release

Initial release of the Pathauto 6.x-2.x branch, in sync with the 7.x-1.x branch.

Make sure you are using the lastest stable version of Token module.

Official release from CVS tag: DRUPAL-7--1-0-ALPHA2
Last updated: August 11, 2010 - 19:51View usage statistics for this release Download Size md5 hash pathauto-7.x-1.0-alpha2.tar.gz 119.43 KB 5f4aecc1b5d6a6e4365fafcc7f0efe15 Official release from CVS tag: DRUPAL-7--1-0-ALPHA2
Last updated: August 11, 2010 - 19:51View usage statistics for this release

Make sure you are using the lastest stable version of Token module.

Changes since DRUPAL-7--1-0-ALPHA1:

read more

Official release from CVS tag: DRUPAL-6--1-4
Last updated: August 11, 2010 - 19:51View usage statistics for this release Download Size md5 hash pathauto-6.x-1.4.tar.gz 137.78 KB 0ea75c9934ca0ccc59ab978dd3087817 Official release from CVS tag: DRUPAL-6--1-4
Last updated: August 11, 2010 - 19:51View usage statistics for this release

Changes since DRUPAL-6--1-3:

read more

Official release from CVS tag: DRUPAL-5--2-4
Last updated: August 11, 2010 - 19:51View usage statistics for this release Download Size md5 hash pathauto-5.x-2.4.tar.gz 98.53 KB da1531a05da718b52cc47105ec155588 Official release from CVS tag: DRUPAL-5--2-4
Last updated: August 11, 2010 - 19:51View usage statistics for this release

Changes since DRUPAL-5--2-3:

read more

Official release from CVS tag: DRUPAL-6--2-4
Last updated: August 11, 2010 - 18:36View usage statistics for this release Download Size md5 hash ubercart-6.x-2.4.tar.gz 840.62 KB fac900cac0c05249ccf32f50e7e34b2a Official release from CVS tag: DRUPAL-6--2-4
Last updated: August 11, 2010 - 18:36View usage statistics for this release

2010-08-11

The following bugs have been fixed, including the security updates outlined in SA-2010-083.

Changes since Ubercart 6.x-2.3 (-r 2130..2135):

• Add a page to print just the packing slip.
• #861086 by dereine: Make Ubercart compatible with Views 3.
• #858816 by nielnz: Fix the cart ID in the session data so that it is only removed when the cart needs to be rebuilt.
• #613498 by willowmedia and sammys: hook_cart_item('can_ship') didn't record FALSE results.
• Don't say whether it was the username or password was invalid in Google Checkout.
• UC 2Checkout doesn't validate the payment notification properly.
• PayPal WPS doesn't verify the receiver's email address.
• UC Cart Links adds unpublished products to the cart and allows the cart to be emptied from any site.

Official release from CVS tag: DRUPAL-5--1-10
Last updated: August 11, 2010 - 18:31View usage statistics for this release Download Size md5 hash ubercart-5.x-1.10.tar.gz 625.55 KB 6b0d90f56368d6e9f1731d606206f91d Official release from CVS tag: DRUPAL-5--1-10
Last updated: August 11, 2010 - 18:31View usage statistics for this release

The following bugs have been fixed, including the security updates outlined in SA-2010-083.

• #692710: Incorrect tax calculations when multiple taxes applied to an order
• UC 2Checkout doesn't validate the payment notification properly.
• PayPal WPS doesn't verify the receiver's email address.
• UC Cart Links adds unpublished products to the cart and allows the cart to be emptied from any site.

Official release from CVS tag: DRUPAL-6--1-11
Last updated: August 11, 2010 - 17:11View usage statistics for this release Download Size md5 hash print-6.x-1.11.tar.gz 168.31 KB 82cdad0a665954550c5d1fea56bd86a4 Official release from CVS tag: DRUPAL-6--1-11
Last updated: August 11, 2010 - 17:11View usage statistics for this release

Changes since DRUPAL-6--1-10:

read more

Official release from CVS tag: DRUPAL-5--4-10
Last updated: August 11, 2010 - 17:11View usage statistics for this release Download Size md5 hash print-5.x-4.10.tar.gz 163.2 KB b06058f6630ec4558fac142cd949ca17 Official release from CVS tag: DRUPAL-5--4-10
Last updated: August 11, 2010 - 17:11View usage statistics for this release

Changes since DRUPAL-5--4-9:

read more

Official release from CVS tag: DRUPAL-6--1-2
Last updated: August 11, 2010 - 16:51View usage statistics for this release Download Size md5 hash filefield_sources-6.x-1.2.tar.gz 19.88 KB 7d7e4406e28e80837aaad641357bffb7 Official release from CVS tag: DRUPAL-6--1-2
Last updated: August 11, 2010 - 16:51View usage statistics for this release

This release of FileField Sources fixes a number of bugs, including an XSS security hole. It also offers support for Transliteration module and feature to reuse files that have been uploaded via FTP to the server.

Bug fixes:
#879114: JavaScript error with IE 7 & 8 when clicking "File browser" button
#845378: Ignore query string when checking file extension
#827652: Filefield sources breaks when selection links have classes added
#843152: warning: Parameter 1 to filefield_validate_associate_field() expected to be a reference (PHP 5.3 support)

New features:
#784946: Add support for transliteration to remote URLs
#830696: IMCE integration improvements (includes support for IMCE 2)
#438940: Add ability to use file uploaded via FTP
#867280: Follow URL redirects (such as those created by URL-shortening services)

Official release from CVS tag: DRUPAL-6--1-3
Last updated: August 11, 2010 - 13:36View usage statistics for this release Download Size md5 hash privatemsg-6.x-1.3.tar.gz 111.99 KB 8839ac5800e5d8db2e40aa63a98228f2 Official release from CVS tag: DRUPAL-6--1-3
Last updated: August 11, 2010 - 13:36View usage statistics for this release

This security release fixes SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting. Also contains a few bugfixes, better indexes to improve performance and more tests for improved stability.

Changes since 6.x-1.2:

• #782956 by Berdir | benone: Fixed admin can't delete other users messages.
• #788254 by Berdir | gold: Fixed can't apply tag to messages in inbox.
• Updated Hungarian translation
• #832708 by Berdir | BenK: Added tests for blocks.
• #832738 by Berdir | BenK: Added tests for preview button
• by Berdir: fixed php notices in tests
• #850094 by Michelle: Updated author pane integration
• #871668 by James Andres: Fixed localised URLs in pm_email_notify tokens.
• #869448 by sirkitree, Berdir: Fixed checking if user options should be saved.
• #820238 by Berdir: Added improved indexes on {pm_index}, {pm_tags} and {pm_tags_index}
• #855730 by andypost | Berdir: Fixed invalid HTML in author pane integration.

Official release from CVS tag: DRUPAL-6--2-0-BETA5
Last updated: August 2, 2010 - 16:26View usage statistics for this release Download Size md5 hash admin-6.x-2.0-beta5.tar.gz 50.16 KB 088401c8d0631c22c52ab8cfe997f3a3 Official release from CVS tag: DRUPAL-6--2-0-BETA5
Last updated: August 2, 2010 - 16:26View usage statistics for this release

This release addresses a security issue where block titles and menu titles were not escaped properly for XSS. Both vulnerabilities require the administer menu and administer blocks permissions to be exploited.

• Updated Hungarian translation.
• Fix for breadcrumb build if root menu is adjacent to link.
• Disable PURL rewriting on admin block menu items.
• #797492 by bibo, andermt: Fix for conflict with other JS in Safari, Chrome, IE.
• Fix for IE clone bug.
• #773204 by mfer: Expand scope of admin menu title CSS
• #850104: Ensure module is included for update 6202.
• #781410: Fix for installation of admin when menu module is off or 'admin' custom menu exists.
• Fix for extra border on My account block.
• Ensure no active classes when settings active class on initial drilldown state.
• #709872 by realityloop: Autohide on new pages option for Admin toolbar. #825422: Fixed height for horizontal menu and body push.
• #825532 by c4rl: Ensure delimiter is found before splitting.
• Improved IE7 support.
• #662662: Allow menus to be structured without a single root node.
• More IE fixes.
• #835796: Add wipe and rebuild tab.
• #746432: Push admin blocks through core theming stack to ensure preprocessors are run.

read more

Official release from CVS tag: DRUPAL-5--1-4
Last updated: July 28, 2010 - 21:25View usage statistics for this release Download Size md5 hash kaltura-5.x-1.4.tar.gz 102.05 KB 26db051595bcd9f7aa2038eb58e0308b Official release from CVS tag: DRUPAL-5--1-4
Last updated: July 28, 2010 - 21:25View usage statistics for this release

This release fixes a security vulnerability, all users of Kaltura are urged to upgrade. For more details, see SA-CONTRIB-2010-078 - Kaltura - Information disclosure.

Changes since DRUPAL-5--1-3:

• [#392736] Remove hidden stats iframes from install / uninstall / admin setup.
• [#779774] Fix fatal error when importing Kaltura nodes.