The Drupal 7.41-cws-1.4.0 update was released to our development environment on Wednesday, January 20th, and will be released to production sites on Tuesday, January 26th.  The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • Field Group: 7.x-1.4 – > 7.x-1.5

    • Moderate Security Issue: When adding an HTML element as a field group, the user had the option of adding custom HTML attributes on the group. Via this option, a malicious user could embed scripts within the page, resulting in a cross-site scripting (XSS) vulnerability. This was mitigated by the fact that the attacker would have to be able to configure field display settings, which usually needs a higher level permission.
    • 18 additional fixes/updates. View the Field Group Release Notes for detailed information

New Modules Added

  • None

Contributed Module Updates

OSU Module Updates

  • Highlights: Updated view to use caching.
  • Live Feeds: Fix underline for calendar months in Firefox 40 and above.

OSU Theme Updates

  • Doug Fir: Added small changes to prepare theme for larger, full-screen changes in the future.

If you have questions or concerns please contact us though our contact form.

Print Friendly, PDF & Email

Leave a Reply