Salvatore Bonaccorso dijo [Thu, Feb 22, 2018 at 08:46:30PM +0100]: > There was a new Drupal security advisory at > > https://www.drupal.org/sa-core-2018-001 > > where several issues affect as well drupal7. > > * JavaScript cross-site scripting prevention is incomplete - Critical - > Drupal 7 and Drupal 8 > * Private file access bypass - Moderately Critical - Drupal 7 > * jQuery vulnerability with untrusted domains - Moderately Critical > - Drupal 7 > * External link injection on 404 pages when linking to the current page > - Less Critical - Drupal 7
I intend to work on this tomorrow; have been quite time-constrained, so any help will be welcome. But I intend to upload a new version for, at least, unstable and stable-security tomorrow afternoonish (@mex). Thanks for the heads-up.
