CiviCRM versions prior to 4.7.8 or 4.6.17
CiviCRM versions 4.7.8 or greater, or 4.6.17 or greater.
A potential for information disclosure was identified in a packaged library, HTML TreeBuilder.
CiviCRM now patches the TreeBuilder library to direct debug output to the CiviCRM debug log, rather than to screen.
- Upgrade to CiviCRM 4.7.8 or greater, or 4.6.17 or greater
- or, apply the patch @ https://github.com/civicrm/civicrm-core/pull/8419/commits/7c41f184adddee...
Thanks to Hewlett Packard for reporting the issue, and to Tim Otten for the fix.