IMPORTANT: Upgrade to Panopoly 1.5 for security fix (SA-CONTRIB-2014-048)

Events happening in the community are now at Drupal community events on www.drupal.org.
dsnopek's picture
Posted by dsnopek on April 30, 2014 at 9:37pm

Hi Everyone!

I know that Panopoly 1.4 was just released last week - I'm sorry for so many releases so quickly. However, we've been trying hard to synchronize Panopoly releases with important security fixes so that your sites aren't left vulnerable.

This release has a couple of small bug fixes, but mainly, it includes an updated version of FAPE to fix a highly critical security vulnerability: SA-CONTRIB-2014-048.

From the security advisory (linked above):

... any user can edit any field on any entity on the site.

This is not an exaggeration! This is a very serious security vulnerability and it is recommended that you update immediately.

If you want information about how to upgrade to the new version and the nitty gritty details about every change -- please see the release notes:

https://drupal.org/node/2248645

Remember: you have to update the WHOLE profile - not just the individual panopoly_* modules! Otherwise, you'll be missing important module updates/patches, and it isn't guarenteed to work. (Full instructions in the link above).

And, of course, you can find links to download, documentation and report problems on the Panopoly project page:

https://drupal.org/project/panopoly

Thanks!

Comments

Thanks for the quick fix

Posted by shadcn on April 30, 2014 at 9:55pm
shadcn's picture

Thanks for the quick fix David. Release early, release often!

Panopoly

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: