restws 7.x-2.9

Git tag 7.x-2.9

restws 7.x-2.8

Git tag 7.x-2.8
Security update

This resolves issues described in SA-CORE-2019-003 for this module.

Not all configurations are vulnerable. See SA-CORE-2019-003 for details.

restws 7.x-2.7

Git tag 7.x-2.7
Security update
Insecure

Fixes security issue Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024

restws 7.x-2.6

Git tag 7.x-2.6
Security update
Insecure

Changes since 7.x-2.5:

restws 7.x-1.7

Git tag 7.x-1.7
Security update

Changes since 7.x-1.6:

restws 7.x-2.5

Git tag 7.x-2.5
Bug fixes
Insecure

Issue #2484829 by mariano.barcia, mallezie, Koen.Pasman, dgtlmoon, joseph.olstad, lokapujya, kurkuma, bangpound, jaskaran.nagra, iamEAP: Specifying the resource format via a URL extension (like "node/1.json") no longer works in Drupal 7.37

restws 7.x-2.4

Git tag 7.x-2.4
Bug fixes
Insecure

Changes since 7.x-2.3:

  • #1806142 by klausi: EntityMetadataWrapperException: This node is no book page
  • Disable XML entity loading which is not needed.

restws 7.x-1.6

Git tag 7.x-1.6
Bug fixes
Insecure

Changes since 7.x-1.5:

  • Disable XML entity loading which is not needed.

restws 7.x-1.5

Git tag 7.x-1.5
Security update
Insecure

Security update, not other changes. See SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass

restws 7.x-2.3

Git tag 7.x-2.3
Security update
Insecure

Security update, not other changes. See SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass

restws 7.x-2.2

Git tag 7.x-2.2
Bug fixes
Insecure

Bugfix release. Please also update the Entity API module to the most recent stable version.

Changes since 7.x-2.1:

restws 7.x-2.1

Git tag 7.x-2.1
Security update
Insecure

See SA-CONTRIB-2013-062

This release adds field level access to entity write operations, such as POST and PUT requests. Make sure that your service consumers have sufficient permissions to write fields they want to insert or update.

restws 7.x-1.4

Git tag 7.x-1.4
Security update
Insecure

See SA-CONTRIB-2013-062

This release adds field level access to entity write operations, such as POST and PUT requests. Make sure that your service consumers have sufficient permissions to write fields they want to insert or update.

restws 7.x-2.0

Git tag 7.x-2.0
Security update
Insecure

This release fixes a critical SQL injection vulnerability. It is mitigated by the fact that an attacker must have the permission to access a resource (example: Access the resource node) in order to exploit this.

Since development of this module has slowed down significantly over the last months this release also marks the first stable release, in order to get proper security advisories for any future security issues.

restws 7.x-2.0-alpha5

Git tag 7.x-2.0-alpha5
Security update
Insecure

See SA-CONTRIB-2013-042

Consumers should not issue GET requests to /@entity_type/@id with HTTP Accept headers set to the expected format aynmore, since that could interfere with Drupal's page cache. HTML might be returned from that URLs that could break clients.

Example of URLs that are deprecated and should not be used anymore:

restws 7.x-1.3

Git tag 7.x-1.3
Security update
Insecure

See SA-CONTRIB-2013-042

Consumers should not issue GET requests to /@entity_type/@id with HTTP Accept headers set to the expected format aynmore, since that could interfere with Drupal's page cache. HTML might be returned from that URLs that could break clients.

Example of URLs that are deprecated and should not be used anymore:

restws 7.x-2.0-alpha4

Git tag 7.x-2.0-alpha4
Security update
Insecure

See also SA-CONTRIB-2013-003

This release comes with a major API change for clients. A security token has been introduced to guard against CSRF attacks. This change only affects you if

* your client uses cookie-based user authentication and
* your client performs write operations (POST, PUT or DELETE).

Clients that only read data (GET requests) still work the same. Clients that use other authentication mechanisms (like restws_basic_auth) remain unaffected as well.

restws 7.x-1.2

Git tag 7.x-1.2
Security update
Insecure

See also SA-CONTRIB-2013-003

This release comes with a major API change for clients. A security token has been introduced to guard against CSRF attacks. This change only affects you if

* your client uses cookie-based user authentication and
* your client performs write operations (POST, PUT or DELETE).

Clients that only read data (GET requests) still work the same. Clients that use other authentication mechanisms (like restws_basic_auth) remain unaffected as well.

restws 7.x-2.0-alpha3

Git tag 7.x-2.0-alpha3
Security update
Insecure

Fixes a CSRF security issue. SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

API change: The format extension in URL paths only works for GET requests now.
Example that still works:

GET http://example.com/node/123.json
GET http://example.com/node.json

Examples that do not work anymore:

restws 7.x-1.1

Git tag 7.x-1.1
Security update
Insecure

Fixes a CSRF security issue. SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

API change: The format extension in URL paths only works for GET requests now.
Example that still works:

GET http://example.com/node/123.json

Examples that do not work anymore:

restws 7.x-2.0-alpha2

Git tag 7.x-2.0-alpha2
New features
Bug fixes
Insecure

This release introduces querying support for entities. You can retrieve a list of entities now and even filter it with the power of EntityFieldQuery. See the Querying and Meta controls section in the README.txt. Big thanks to sepgil for implementing all this during Google Summer of Code!

Changes since 7.x-2.0-alpha1:

restws 7.x-1.0

Git tag 7.x-1.0
Bug fixes
Insecure

Changes since 7.x-1.0-beta2:

  • #1506190 by sepgil: Fixed Don't allow to create Entities without Bundles.

restws 7.x-2.0-alpha1

Git tag 7.x-2.0-alpha1
New features
Insecure

First release of the new 2.x branch. The new branch was created because of an important API change: the HTTP request methods for create and update operations have been swapped (see #1472634: HTTP PUT / POST Reversed for CRUD CREATE / UPDATE Operations). The 7.x-1.x branch is now frozen and will get security fixes only. If you want to start a new project with RESTWS use the 2.x branch.

restws 7.x-2.x-dev

Git branch 7.x-2.x

Nightly development snapshot.

restws 7.x-1.0-beta2

Git tag 7.x-1.0-beta2
Bug fixes
Insecure

Very minor maintenance release. This is the last release before our Google Summer of Code changes will be started.

Changes since 7.x-1.0-beta1:

restws 7.x-1.0-beta1

Git tag 7.x-1.0-beta1
Insecure

First beta release of RESTWS. See README.txt for usage instructions. Please report any problems in the issue queue.

restws 7.x-1.x-dev

Git branch 7.x-1.x

Development snapshot of most recent work.

Subscribe with RSS Subscribe to Releases for RESTful Web Services