CIVI-SA-2024-08: PhpSpreadsheet

Published

2024-10-16 12:00

Written by

dev-team

The bundled library "PhpSpreadsheet" has issued multiple security advisories.

Security Risk

Critical

Vulnerability

Other

Affected Versions

CiviCRM versions 5.78.1 and earlier

Fixed Versions

CiviCRM versions 5.78.2 and 5.75.4 (ESR)

Publication Date

2024-10-16 - 12:00

Solutions

Any ONE of the following:

Upgrade to the fixed version of CiviCRM
Manually update PHPSpreadsheet
Disable the extension "Civi-Import"

Credits

Development/Review: Eileen McNaughton of Wikimedia Foundation; Seamus Lee of JMA Consulting; Tim Otten of CiviCRM

References

GHSA-6hwr-6v2f-3m88
GHSA-5gpr-w2p5-6m37
GHSA-w9xv-qf98-ccq4
GHSA-wgmf-q9vr-vww6
GHSA-r8w8-74ww-j4wh
GHSA-ghg6-32f9-2jp7
GHSA-v66g-p9x6-v98p

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2024-08: PhpSpreadsheet

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2024-08: PhpSpreadsheet

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM