Resolved Bugs
1238487 – drupal7-views_bulk_operations-3.3 is available<br
## 7.x-3.3
**See [SA-CONTRIB-2015-131](https://www.drupal.org/node/2516688)**
**Changes since 7.x-3.2:**
* Fix security vulnerability, by AdamPS.
* Remove an entity_label() workaround that core no longer needs.
* Issue #2427381 by axel.rutz: Rules component lacks entity type
* Issue #2418751 by anrikun: Archive action fails silently
* Issue #2318273 by bojanz, PascalAnimateur: Added Hide action links from confirmation pages.
* Issue #2364849 by rudiedirkx: Fixed Don’t export unselected actions.
* Issue #1817978 by ofry, samalone: Fixed Undefined index: triggers in flag_flag->get_valid_actions() .
* Issue #2341283 by JvE: Fixed views_bulk_operations_cron says 1 day but uses 10 days.
* Issue #2345667 by PascalAnimateur: Fixed Translate properties / available tokens titles.
* Issue #2312547 by bennybobw, lmeurs: Fixed Broken view titles, they often only display a Total being passed to action with Views 3.8.
* Clean up previous patch.
* Issue #1781704 by juampy: Added Make the ability to click on a row and activate the checkbox optional.
* Issue #2254871 by jorisdejong: Fixed No default action behavior set in getAccessMask().
* Issue #2280213: Make the OR string in theme_views_bulk_operations_select_all() translatable.
* Issue #1618474 followup by acbramley: Hide operations selector & checkboxes if no operation available.
* Issue #2192775 by Berdir: views_bulk_operations_load_action_includes() uses relative path in include_once

Resolved Bugs
1223769 – drupal7-ds-2.10 is available<br
## 7.x-2.10
This is a bug fix release for a bug that is affected many websites using ds search. See #2385835: Adding ‘theme_hook_original’ triggers PHP warning in theme_ds_search_page
## 7.x-2.9
This release contains various bug fixes and a couple of new features.
New features:
* Enable/disable view modes per content type
* Ability to Disable the CSS file added on Layouts
* Replace tokens in layout attributes
## 7.x-2.8
[SA-CONTRIB-2015-095](https://www.drupal.org/node/2471733)

Resolved Bugs
1229706 – CVE-2015-4411 rubygem-moped: Denial of Service with crafted ObjectId string (incomplete fix for CVE-2015-4410)
1229708 – CVE-2015-4411 rubygem-moped: Denial of Service with crafted ObjectId string [fedora-all]<br
Security fix for CVE-2015-4411

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.
**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).
**Horde_Auth 2.1.10**
* [jan] SECURITY: Don’t allow to login to LDAP with an emtpy password.
**Horde_Core 2.20.6**
* [jan] SECURITY: Don’t allow to login with an emtpy password.
* [jan] Give administrators access to all groups, even with $conf[‘share’][‘any_group’] disabled.

Resolved Bugs
1160137 – CVE-2013-5123 python-virtualenv: python-pip: insecure software download with mirroring support [epel-all]<br
Updated per user request in BZ#1160137 to bring the version in line with Fedora.

Resolved Bugs
1232973 – drupal7-feeds-2.0-alpha9 is available<br
## 7.x-2.0-alpha9
**This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.**
Changes since 7.x-2.0-alpha8:
* Issue #2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in PuSHSubscriber.inc
* Issue #2502419 by klausi: Log messages XSS attack vector
* Issue #1848498 by twistor: Respect allowed file extensions in file mapper
Fix slight problem with versioning
Update to upstream alpha8 release for bug fixes, see http://drupal.org/node/1978108 for list of fixed bugs