CVE-2015-4236

Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.

CVE-2015-4263

The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.

CVE-2015-4526

EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.

CVE-2015-2963

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.

CVE-2015-3650

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.

CVE-2015-4254

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.

Census Project Identifies Open Source Tools at Risk

The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics to identify under-resourced open source projects at risk.

Fedora 21 Security Update: drupal7-migrate-2.8-1.fc21

Resolved Bugs
1238486 – drupal7-migrate-2.8 is available
## 7.x-2.8
**See [SA-CONTRIB-2015-130](https://www.drupal.org/node/2516678)**
**Features and enhancements**
* Issue #2379289: migrate-import --update does not seem to work as expected, if map is not joinable, due to highwater field?
* Issue #2403643: Migration::applyMappings() unable to handle multifield subfields
* Issue #2472045: Add language subfields only if field is translatable
* Issue #2474809: Obtuse error message when migration dependencies are missing
* Issue #2397791: MigrationBase::handleException should handle multiple errors via field_attach_validate()
* Issue #2309563: Add support for running migrations via wildcard name
* Issue #2095841: Add MigrationBase methods to enable/disable mail system.
* Issue #2419373: Performance improvement when using Source migrations in combination with MigrateSQLMap
* Issue #2141687: Make error messages include more information when migrating files
**Bug fixes**
* Field sanitization added to prevent possibility of XSS – see security advisory https://security.drupal.org/node/155268.
* Issue #2447115: Mapping editor does not properly save XML mappings
* Issue #2497015: Remapping taxonomy terms breaks term reference import on dependant migrations
* Issue #2488560: MigrateSourceList and MigrateSourceMultiItems getNextRow() stops after only one iteration
* Issue #2446105: Source fields getting reset as “do not migrate” after mapping and saving
* Issue #2415977: /tmp is hard-coded in migrate_ui
* Issue #2475473: Drush idlist option broken
* Issue #2465387: Unknown option: --stop during migrate-import via Drush
**Important: If you are upgrading from Migrate 2.5 or earlier**
Migration developers will need to add the “advanced migration information” permission to their roles to continue seeing all the info in the UI they’re used to.
Auto-registration (having classes be registered just based on their class name, with no call to registerMigration or definition in hook_migrate_api()) is no longer supported. Registration of classes defined in hook_migrate_api() is no longer automatic – do a drush migrate-register or use the Register button in the UI to register them.
Migration class constructors should now always accept an $arguments array as the first parameter and pass it to its parent. This version does support legacy migrations which pass a group object, or nothing, but these methods are deprecated.