Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:
Details of the security advisories are below:
- CIVI-SA-2020-09: Privilege Escalation via Smart Groups
- CIVI-SA-2020-10: Cross Site Scripting in Activity Details
- CIVI-SA-2020-11: CSRF on CKEditor Configuration
- CIVI-SA-2020-12: XSS in CKEditor Configuration
- CIVI-SA-2020-13: XSS in Event Summary
- CIVI-SA-2020-14: XSS in Profile Description
- CIVI-SA-2020-15: Persistent XSS in Contact Activity Tab
- CIVI-SA-2020-16: jQuery CVE-2020-11022, CVE-2020-11023
- CIVI-SA-2020-17: Harden Per-Session Private Key
- CIVI-SA-2020-18: HTML Injection via Error Message
- CIVI-SA-2020-19: Edit Permission for Recurring Contributions
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.