The Drupal 7.41-cws-1.4.0 update was released to our development environment on Wednesday, January 20th, and will be released to production sites on Tuesday, January 26th.  The following updates have been applied:

Major Version Upgrade

• None

Drupal Core Bug Fix/Security Updates

• Field Group: 7.x-1.4 – > 7.x-1.5
  
  • Moderate Security Issue: When adding an HTML element as a field group, the user had the option of adding custom HTML attributes on the group. Via this option, a malicious user could embed scripts within the page, resulting in a cross-site scripting (XSS) vulnerability. This was mitigated by the fact that the attacker would have to be able to configure field display settings, which usually needs a higher level permission.
  • 18 additional fixes/updates. View the Field Group Release Notes for detailed information

New Modules Added

• None

Contributed Module Updates

• CKEditor: 7.x-1.1.16 -> 7.x-1.17
  • 12 fixes/updates. View the CKEditor Release Notes for detailed information
• Link: 7.x-1.3 -> 7.x-1.4
  • 10 fixes/updates. View the Link Release Notes for detailed information
• Linkit: 7.x-3.4 -> 7.x-3.5
  • 10 fixes/updates. View the Linkit Release Notes for detailed information

OSU Module Updates

• Highlights: Updated view to use caching.
  
• Live Feeds: Fix underline for calendar months in Firefox 40 and above.

OSU Theme Updates

• Doug Fir: Added small changes to prepare theme for larger, full-screen changes in the future.
  

If you have questions or concerns please contact us though our contact form.