Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:
Below are the security advisories details:
- CIVI-SA-2020-01: Sanitize Entity Name
- CIVI-SA-2020-02: API Key Disclosure
- CIVI-SA-2020-03: PHP Code Execution via Phar Deserialization
- CIVI-SA-2020-04: Cross Site Scripting within CiviCase Reports
- CIVI-SA-2020-05: SQL Injection in Campaign Summary and Delete Activity
- CIVI-SA-2020-06: SQLI in Query Builder
- CIVI-SA-2020-07: CSRF in Scheduled Jobs
- CIVI-SA-2020-08: XSS via JS libraries
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.