There has been a security release for CiviCRM. Upgrades are available for:
- CiviCRM v6.4.1 (download, release notes)
- CiviCRM v6.5.0 (download, release notes)
- CiviCRM v5.81.4 ESR (info, download, release notes)
These upgrades address the following security issue:
- CIVI-SA-2025-01: Insufficient Permission Denial
- CIVI-SA-2025-02: Contact Images (CSRF)
- CIVI-SA-2025-03: Dialog Title (XSS)
- CIVI-SA-2025-04: Arbitrary File Move
- CIVI-SA-2025-05: Embedded Searches
- CIVI-SA-2025-06: Weak CSRF Key
Looking to use Extended Security Releases (ESR) in the future? Starting this month, version 6.4 will be new ESR.
Support CiviCRM
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.
CiviCRM is community driven and is sustained through contributions, good vibes, solidarity, and financial support from its community. Help CiviCRM do a world of good.
