Laden...
There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:
CiviCRM v5.19.2 CiviCRM v5.13.7 ESRBelow are the security advisories details:
CIVI-SA-2019-19: SQL injection in "dedupefind" CIVI-SA-2019-20: Privilege escalation via leaked key CIVI-SA-2019-21: PHP object injection via "Saved Search" and "Report Instance" APIs CIVI-SA-2019-22: Cross-site scripting in dashboard titles CIVI-SA-2019-23: Incorrect storage encoding for APIv4 CIVIEXT-SA-2019-02: Cross-site scripting in CiviCase v5 extensionA couple of other issues have been fixed in these releases, as described in the official announcement.
Upgrade now for the most stable CiviCRM experience:
To download CiviCRM 5.19.2: https://civicrm.org/download To download CiviCRM 5.13.7 ESR version: https://civicrm.org/esrNote: If you use CiviCRM v5.13.7 ESR with the APIv4 extension ("org.civicrm.api4"), you should double-check that your system is running version 4.4.4. In v5.19+, no extra check is necessary.
CiviCRM security announcements are available from https://civicrm.org/advisory and via the CiviCRM Security Notifications email list.
Laden...
Laden...
© 2024