An update was released to our development environment on Tuesday, August 30th, 2016 and will be released to production sites on Tuesday, September 6th, barring any security/emergency updates. The following updates have been applied:
Major Version Upgrade
- None
Drupal Core Bug Fix/Security Updates
- None
New Modules Added
- None
Contributed Module Updates
- Webform 7.x-4.14:
- This release contains two updates that have been rolled into one
- 7.x-4.13 The update of most concern for us is the one that involves conditionals. Users can now actually nest conditional statements inside of other conditional statements. This is pretty exciting, but it also opens the door for some potential confusion. We ask of anyone who is using conditionals to give their form(s) a test in their dev environment to make sure everything is working correctly.
- Additionally, there are more than ten other updates that have been introduced. For more information, see the referenced release notes.
- 7.x-4.14 was not a security release, but there were two big security improvements that were added to let users better understand the security ramifications of two existing features
- Changing disabled components. The description of the disabled option now clarifies that it is still possible for a user to use developer or JavaScript tools to modify the value of a disabled component. This is by design and is considered desirable. To store a submission value that cannot be changed by the user, use a hidden component with the “secure value” option.EntityInterface added to allow programming interfaces
- Submission results downloaded as delimited text files (e.g. CSV). Some spreadsheets interpret cell data within a delimited text file as a formula, leading to a formula injection vulnerability in the spreadsheet. Data submitted by untrusted users that may be opened by a spreadsheet should be downloaded in Microsoft Excel format rather than delimited text format. The Webform submission download page makes this clear.
- Additionally there are more than ten other updates that have been introduced. For more information, see the referenced release notes
OSU Module Updates
- None
OSU Theme Updates
- None
If you have questions or concerns please contact us though our contact form.
Leave a Reply