**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.
**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).
**Horde_Auth 2.1.10**
* [jan] SECURITY: Don’t allow to login to LDAP with an emtpy password.
**Horde_Core 2.20.6**
* [jan] SECURITY: Don’t allow to login with an emtpy password.
* [jan] Give administrators access to all groups, even with $conf[‘share’][‘any_group’] disabled.

Resolved Bugs
1238486 – drupal7-migrate-2.8 is available<br
## 7.x-2.8
**See [SA-CONTRIB-2015-130](https://www.drupal.org/node/2516678)**
**Features and enhancements**
* Issue #2379289: migrate-import –update does not seem to work as expected, if map is not joinable, due to highwater field?
* Issue #2403643: Migration::applyMappings() unable to handle multifield subfields
* Issue #2472045: Add language subfields only if field is translatable
* Issue #2474809: Obtuse error message when migration dependencies are missing
* Issue #2397791: MigrationBase::handleException should handle multiple errors via field_attach_validate()
* Issue #2309563: Add support for running migrations via wildcard name
* Issue #2095841: Add MigrationBase methods to enable/disable mail system.
* Issue #2419373: Performance improvement when using Source migrations in combination with MigrateSQLMap
* Issue #2141687: Make error messages include more information when migrating files
**Bug fixes**
* Field sanitization added to prevent possibility of XSS – see security advisory https://security.drupal.org/node/155268.
* Issue #2447115: Mapping editor does not properly save XML mappings
* Issue #2497015: Remapping taxonomy terms breaks term reference import on dependant migrations
* Issue #2488560: MigrateSourceList and MigrateSourceMultiItems getNextRow() stops after only one iteration
* Issue #2446105: Source fields getting reset as “do not migrate” after mapping and saving
* Issue #2415977: /tmp is hard-coded in migrate_ui
* Issue #2475473: Drush idlist option broken
* Issue #2465387: Unknown option: –stop during migrate-import via Drush
**Important: If you are upgrading from Migrate 2.5 or earlier**
Migration developers will need to add the “advanced migration information” permission to their roles to continue seeing all the info in the UI they’re used to.
Auto-registration (having classes be registered just based on their class name, with no call to registerMigration or definition in hook_migrate_api()) is no longer supported. Registration of classes defined in hook_migrate_api() is no longer automatic – do a drush migrate-register or use the Register button in the UI to register them.
Migration class constructors should now always accept an $arguments array as the first parameter and pass it to its parent. This version does support legacy migrations which pass a group object, or nothing, but these methods are deprecated.

Resolved Bugs
1238486 – drupal7-migrate-2.8 is available<br
## 7.x-2.8
**See [SA-CONTRIB-2015-130](https://www.drupal.org/node/2516678)**
**Features and enhancements**
* Issue #2379289: migrate-import –update does not seem to work as expected, if map is not joinable, due to highwater field?
* Issue #2403643: Migration::applyMappings() unable to handle multifield subfields
* Issue #2472045: Add language subfields only if field is translatable
* Issue #2474809: Obtuse error message when migration dependencies are missing
* Issue #2397791: MigrationBase::handleException should handle multiple errors via field_attach_validate()
* Issue #2309563: Add support for running migrations via wildcard name
* Issue #2095841: Add MigrationBase methods to enable/disable mail system.
* Issue #2419373: Performance improvement when using Source migrations in combination with MigrateSQLMap
* Issue #2141687: Make error messages include more information when migrating files
**Bug fixes**
* Field sanitization added to prevent possibility of XSS – see security advisory https://security.drupal.org/node/155268.
* Issue #2447115: Mapping editor does not properly save XML mappings
* Issue #2497015: Remapping taxonomy terms breaks term reference import on dependant migrations
* Issue #2488560: MigrateSourceList and MigrateSourceMultiItems getNextRow() stops after only one iteration
* Issue #2446105: Source fields getting reset as “do not migrate” after mapping and saving
* Issue #2415977: /tmp is hard-coded in migrate_ui
* Issue #2475473: Drush idlist option broken
* Issue #2465387: Unknown option: –stop during migrate-import via Drush
**Important: If you are upgrading from Migrate 2.5 or earlier**
Migration developers will need to add the “advanced migration information” permission to their roles to continue seeing all the info in the UI they’re used to.
Auto-registration (having classes be registered just based on their class name, with no call to registerMigration or definition in hook_migrate_api()) is no longer supported. Registration of classes defined in hook_migrate_api() is no longer automatic – do a drush migrate-register or use the Register button in the UI to register them.
Migration class constructors should now always accept an $arguments array as the first parameter and pass it to its parent. This version does support legacy migrations which pass a group object, or nothing, but these methods are deprecated.

Resolved Bugs
1238487 – drupal7-views_bulk_operations-3.3 is available<br
## 7.x-3.3
**See [SA-CONTRIB-2015-131](https://www.drupal.org/node/2516688)**
**Changes since 7.x-3.2:**
* Fix security vulnerability, by AdamPS.
* Remove an entity_label() workaround that core no longer needs.
* Issue #2427381 by axel.rutz: Rules component lacks entity type
* Issue #2418751 by anrikun: Archive action fails silently
* Issue #2318273 by bojanz, PascalAnimateur: Added Hide action links from confirmation pages.
* Issue #2364849 by rudiedirkx: Fixed Don’t export unselected actions.
* Issue #1817978 by ofry, samalone: Fixed Undefined index: triggers in flag_flag->get_valid_actions() .
* Issue #2341283 by JvE: Fixed views_bulk_operations_cron says 1 day but uses 10 days.
* Issue #2345667 by PascalAnimateur: Fixed Translate properties / available tokens titles.
* Issue #2312547 by bennybobw, lmeurs: Fixed Broken view titles, they often only display a Total being passed to action with Views 3.8.
* Clean up previous patch.
* Issue #1781704 by juampy: Added Make the ability to click on a row and activate the checkbox optional.
* Issue #2254871 by jorisdejong: Fixed No default action behavior set in getAccessMask().
* Issue #2280213: Make the OR string in theme_views_bulk_operations_select_all() translatable.
* Issue #1618474 followup by acbramley: Hide operations selector & checkboxes if no operation available.
* Issue #2192775 by Berdir: views_bulk_operations_load_action_includes() uses relative path in include_once

Resolved Bugs
1223769 – drupal7-ds-2.10 is available<br
## 7.x-2.10
This is a bug fix release for a bug that is affected many websites using ds search. See #2385835: Adding ‘theme_hook_original’ triggers PHP warning in theme_ds_search_page
## 7.x-2.9
This release contains various bug fixes and a couple of new features.
New features:
* Enable/disable view modes per content type
* Ability to Disable the CSS file added on Layouts
* Replace tokens in layout attributes
## 7.x-2.8
[SA-CONTRIB-2015-095](https://www.drupal.org/node/2471733)