Security Releases 4.4.19, 4.6.7

2015-08-19 12:06
Written by
colemanw - member of the CiviCRM community - view blog guidelines

The latest releases of CiviCRM 4.6 and 4.4 LTS include 2 moderately critical security fixes. While these issues are unlikely to affect the average CiviCRM site, it is recommended to upgrade to the latest version to keep your site as secure as possible.

The latest versions are now available for downloading AND you can try them out on the demo site.

What's New In CiviCRM 4.6

» View the full list of improvements for 4.6

» List of issues fixed in 4.6.7

Please note that the Core IATS code has been removed from both the 4.4 & 4.6 versions.

Consider Giving Back

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM or from the great new features in this release, please consider making a recurring contribution to support the project.

New Installations

If you are installing CiviCRM 4.6 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.6

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.6.


Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

ADG Communications - Steve Binkowski;AGH Strategies - Andrew Hunt, Jane Hanley, Tommy Bobo, Tyrell Cook; Alex C; Allan Chappell; Amnesty International Spain - Carlos Capote; Andreas Hennings; Andy Clark; Arete Imagine - Marisa Porter, Nate Porter; Blackfly Solutions - Alan Dixon; Botanical Society of America - Toby Lounsbury; Christian Wach; Chris Ward; Circle Interactive - Dave Moreton, Andrew Walker, Dave Jenkins, Maya Gibbs; CiviCoop - Erik Hommel, Jaap Jansma; CiviDesk - Nicolas Ganivet, Sunil Pawar; Community Human Services Corporation - Paul Mosey; Compucorp - Jamie Novick, Greg Meszeros, Robin Mitra, Guanhuan Chen, Chanun Chirattikanon; David Hepper; Detlev Sieber; Drishtant - Ruchi Kumar; Drupal Association - Neil Drumm; Freeform Solutions - Lola Slade; Future First - David Knoll, John Prescott, Vitor Nobrega; Elliott Eggleston; Fuzion, NZ - Chris Burgess, Eileen McNaughton, Peter Davis; Giantrabbit - Anthony Nemirovsky, Peter Haight; Ginkgo Street Labs - Frank J. Gómez, Michael Daryabeygi; GMVCO Databases - Jon-man Cheung, Alex Lee, Craig Almond; Google Summer of Code - Aditya Nambiar, Siddhant Rajagopalan, Torrance Hodgeson; - David Thompson; Jaka Kranjc; JMA Consulting - Joe Murray, Pradeep Nayak, Edsel Lopez; Joanne Chester; Johan Vervloet; John Kingsnorth; jsnyder83; Kathryn Benedicto; Han Velthuis; Ken West; Kirk Jackson; Korlon - Stuart Gaston; Lighthouse Consulting and Design - Brian Shaughnessy; Mattias Michaux; Max ; MC3 - Graham Mitchell; Mission Matters - Joshua Aranda; Mobius - Jeremy Proffitt; Northbridge Digital - Oliver Gibson; Symbiotic - Mathieu Lutfy, Samuel Vanhove; National Democratic Institute - Chris Doten; New York State Senate - Ken Zalewski; Niro Solutions; Palente Technology Cooperative - Jon Goldberg, Joseph Lacey; Paul Campbell; Pogstone - Sarah Gladstone; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Registered Nurses Association of Ontario - Stan Dragnev; Richard Van Oosterhout; Seamus Lee; Semper IT - Karin Gerritsen; Skvare - Mark Hanna, Peter Petrik; Squiffle Consulting - Aidan Saunders; Stephen Palmstrom; Systopia - Björn Endres, Fabian Schuttenberg, Martin Peth, Niko Bochan; Tadpole - Dana Skallman, Kevin Cristiano; Tech to the People - Xavier Dutoit; TeNNoX; Tim Mallezie; Toke Høiland-Jørgensen; Veda Consulting - Priyanka Karan, Parvez Saleh, Deepak Srivastava; Web Access - Tony Mazzerella, Nileema Jadhav, Parag Bhilkar, Pratiksha Dubey, Manish More; Wikimedia Foundation - Adam Wight; William Theaker; Zing - Simon West, Andrew Tombs