A potential for information disclosure was identified in a packaged library, HTML TreeBuilder.
CiviCRM now patches the TreeBuilder library to direct debug output to the CiviCRM debug log, rather than to screen.
CiviCRM versions prior to 4.7.8 or 4.6.17
CiviCRM versions 4.7.8 or greater, or 4.6.17 or greater.
- Upgrade to CiviCRM 4.7.8 or greater, or 4.6.17 or greater
- or, apply the patch @ https://github.com/civicrm/civicrm-core/pull/8419/commits/7c41f184addde…
Thanks to Hewlett Packard for reporting the issue, and to Tim Otten for the fix.