Laden...
There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:
CiviCRM v5.35.1 CiviCRM v5.33.3 ESRBelow are the security advisories:
CIVI-SA-2021-01: Reflected Cross Site Scripting via Uploaded CSVs CIVI-SA-2021-02: Web Executable Utility Scripts CIVI-SA-2021-03: Cross Site Scripting in "Manage Extensions" CIVI-SA-2021-04: Cross Site Scripting in the APIv4 Explorer CIVI-SA-2021-05: Reflected Cross Site Scripting in Personal Campaign Pages CIVI-SA-2021-06: Timing Attacks Against the Site Key CIVI-SA-2021-07: SQL injection in Joomla user integrationA couple of other issues have been fixed in these releases. Please see the official announcement and release notes.
The CiviCRM Security Team would also like to make people aware about a public service announcement in regards to changes to cryptography handling in CiviCRM
We would also like to thank Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH for funding this security release.
Upgrade now for the most stable CiviCRM experience:
To download CiviCRM 5.35.1 : https://civicrm.org/download To download CiviCRM 5.33.3 ESR version: https://civicrm.org/esr
Laden...
Laden...
© 2024