CiviCRM Security Release (5.19.2, 5.13.7 ESR)

2019-11-21 02:41
Written by
dev-team - official CiviCRM announcement

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

  • CiviCRM v5.19.2
  • CiviCRM v5.13.7 ESR

In addition to the security fixes, this release includes several bug fixes. 

Below are the security advisories details:


Bugs resolved

  • Member Summary Report - Fix filtering by "Member Since" (dev/core#140615894)
  • Contribution Search - Fix issue with displaying cancellation date (dev/core#139115893)
  • Contribution Search - Fix issue where search criteria were applied inconsistently (dev/core#137415896)
  • Additional Payment Form, Payment API - Calculate "Net Amount" automatically. Remove error-prone field from UI. (dev/core#140915889)


Upgrade now for the most stable CiviCRM experience:


Note: If you use CiviCRM v5.13.7 ESR with the APIv4 extension ("org.civicrm.api4"), you should double-check that your system is running version 4.4.4. In v5.19+, no extra check is necessary.

CiviCRM security announcements are available from and via the CiviCRM Security Notifications email list.