Important : CCK 1.6 security release

Events happening in the community are now at Drupal community events on www.drupal.org.
yched's picture
Posted by yched on August 14, 2007 at 11:30am

The CCK 1.6 releases for the 4.7 and 5 branches fix two XSS (Cross Site Scripting) vulnerabilities in nodereference.module.
All sites using CCK / nodereference.module should consider upgrading to this release as soon as possible.
Security announcement: DRUPAL-SA-2007-019

The release also fixes some (less critical) bugs. Main new feature is the additional 'full node / teaser' formatters for nodereference.
See release notes for more info.

download CCK 5.x-1.6 - Release notes
download CCK 4.7.x-1.6 - Release notes

Comments

CCK 1.6-1 hotfix releases

Posted by yched on August 16, 2007 at 5:27pm
yched's picture

New hotfix release for both branches :
Fixes a stupid missing ';' that displays "&nbsp" all over the place...
Also fixes a bug with nodereference / autocomplete widget / Views 1.6

The security part of the previous 1.6 releases is not affected.

Sorry about that :-/

download CCK 5.x-1.6-1 - Release notes
download CCK 4.7.x-1.6-1 - Release notes

Content Construction Kit (CCK)

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: