The Drupal 7.41-cws-1.4.0 update was released to our development environment on Wednesday, January 20th, and will be released to production sites on Tuesday, January 26th. The following updates have been applied:
Major Version Upgrade
Drupal Core Bug Fix/Security Updates
- Field Group: 7.x-1.4 – > 7.x-1.5
- Moderate Security Issue: When adding an HTML element as a field group, the user had the option of adding custom HTML attributes on the group. Via this option, a malicious user could embed scripts within the page, resulting in a cross-site scripting (XSS) vulnerability. This was mitigated by the fact that the attacker would have to be able to configure field display settings, which usually needs a higher level permission.
- 18 additional fixes/updates. View the Field Group Release Notes for detailed information
New Modules Added
Contributed Module Updates
- CKEditor: 7.x-1.1.16 -> 7.x-1.17
- 12 fixes/updates. View the CKEditor Release Notes for detailed information
- Link: 7.x-1.3 -> 7.x-1.4
- 10 fixes/updates. View the Link Release Notes for detailed information
- Linkit: 7.x-3.4 -> 7.x-3.5
- 10 fixes/updates. View the Linkit Release Notes for detailed information
OSU Module Updates
- Highlights: Updated view to use caching.
- Live Feeds: Fix underline for calendar months in Firefox 40 and above.
OSU Theme Updates
- Doug Fir: Added small changes to prepare theme for larger, full-screen changes in the future.
If you have questions or concerns please contact us though our contact form.