Released September 6, 2023

| Does this version...? | |
|---|---|
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | yes |
| Introduce features? | no |
| Fix bugs? | yes |
| Fix security vulnerabilities? | yes |

- CIVI-SA-2023-07: Smarty Math RCE
- CIVI-SA-2023-08: KCFinder XSS
- CIVI-SA-2023-09: GetFields SQLI
- CIVI-SA-2023-10: Multiple Potential SQLI
- CIVI-SA-2023-11: Select2 XSS
- CIVI-SA-2023-12: jQuery Validation DoS
- CIVI-SA-2023-13: Survey XSS
- CIVI-SA-2023-14: Contact Image CSRF
- CIVI-SA-2023-15: CiviEvent XSS

- Custom Data: Failure processing "File" field (#27290)
- Upgrader: Failure handling "civicrm_job_log" if there are orphaned records (#27310)

This release was developed by the following authors and reviewers:
Uepal - Jean-Marie Heitz; Third Sector Design - Kurund Jalmi, William Mortada; RIPS Technologies - Dennis Brinkrolf; Ranjit Pahan; JMA Consulting - Seamus Lee; Dave D; CiviCRM - Coleman Watts, Tim Otten; BrightMinded Ltd - Bradley Taylor; Artful Robot - Rich Lott

These release notes are edited by Tim Otten and Andie Hunt. If you'd like to
provide feedback on them, please log in to https://chat.civicrm.org/civicrm and
contact @agh1.