CiviCRM Security Release (5.65, 5.64, 5.63-ESR)

There has been a security release for CiviCRM (announcement). Upgrades are available for:

CiviCRM v5.65.0 (download, release notes) CiviCRM v5.64.4 (download, release notes) CiviCRM v5.63.4 ESR (info, download, release notes)

These upgrades address the following security issue:

CIVI-SA-2023-07: Smarty Math (Remote Code Execution) CIVI-SA-2023-08: KCFinder (Cross-Site Scripting) CIVI-SA-2023-09: GetFields (SQL Injection) CIVI-SA-2023-10: Multiple Potential (SQL Injections) CIVI-SA-2023-11: Select2 (Cross-Site Scripting) CIVI-SA-2023-12: jQuery Validation (Denial of Service) CIVI-SA-2023-13: Survey (Cross-Site Scripting) CIVI-SA-2023-14: Contact Image (Cross-Site Request forgery) CIVI-SA-2023-15: CiviEvent (Cross-Site Scripting)
Click this link to unsubscribe from this mailing list. Click this link to opt out of all mail from CiviCRM.org. Our mailing address is:
1350 Ortega St
San Francisco, California 94122
United States