There has been a security release for CiviCRM. Upgrades are available for:
- CiviCRM v5.65.0 (download, release notes)
- CiviCRM v5.64.4 (download, release notes)
- CiviCRM v5.63.4 ESR (info, download, release notes)
These upgrades address the following security issue:
- CIVI-SA-2023-07: Smarty Math RCE
- CIVI-SA-2023-08: KCFinder XSS
- CIVI-SA-2023-09: GetFields SQLI
- CIVI-SA-2023-10: Multiple Potential SQLI
- CIVI-SA-2023-11: Select2 XSS
- CIVI-SA-2023-12: jQuery Validation DoS
- CIVI-SA-2023-13: Survey XSS
- CIVI-SA-2023-14: Contact Image CSRF
- CIVI-SA-2023-15: CiviEvent XSS
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.
CiviCRM is community driven and is sustained through contributions, good vibes, solidarity, and financial support from its community. Help CiviCRM do a world of good.