Security release: CiviCRM 4.7.21 and 4.6.29

2017-07-06 09:39
Written by
CiviCRM 4.7.21 and 4.6.29 

Please note that release 4.7.21 and 4.6.29 are security releases. Please see below links to the security advisories:

You can see a full details of what is new here.


Big thanks to Andrew Hunt from AGH Strategies for putting up together release notes for this version. 
The release notes for 4.7.21 can be accessed  here


Complete list of 4.7 contributors can be found here.
Big thanks to Seamus Lee for help with this security release! 


  •  Core CiviCRM updates:

You can now specify a custom date range when searching for active relationships

It is now possible to filter on the active dates of a relationship in Advanced Search and the Relationship Report. If relationship start and end dates are filled accurately, this allows finding active relationships at a specified point in time.

The CiviCRM logo spins while the next page is loading

Just so you know we’re focused on the big things, the spinning logo in the navigation menu provides visual indication that a new page is loading. 

More accurate Relationship Count on Contact Summary View

The relationship count for a contact is now calculated by using the COUNT() SQL function rather than counting the number of rows in the query result.

  •  CiviCase

New People involved tab

The phone number for related contacts is now available in the API.


  • CiviMail

A/B tests can now be sent in parallel

This change improves A/B testing where the test group is larger than the mailer job size. In these cases, each mailer job is scheduled one second after the prior one, ensuring that the first A job is followed by the first B job, then the next A job, and so on.


  • Drupal Integration

New ‘current employer’ filter in views

This feature is now available in Drupal 6.x for CiviCRM 4.7.x. It was previously added for other Drupal-CiviCRM version combinations but now it’s everywhere.

Current employer ID now available in more forms in Views

The current employer ID is now available as a display, contextual filter, another kind of filter and a sort field in Views.


  • Joomla Integration

hook_civicrm_permissions are now supported on Joomla

CiviCRM permissions in Joomla can now be defined dynamically, allowing extensions using hook_civicrm_permissions to work properly.


Bugs resolved

  • CiviCRM core

Parent Groups don’t inherit child group contacts in Smart Groups

A bug was fixed where members of a new Smart Groups would not appear as members of parent groups of the Smart Group.

Incorrect state/province names for Austria

Two states of Austria were missing umlauts.


  • CiviContribute

CiviCRM, Contribution page, when using the ‘On behalf of’ Organisation Profile, the fieldset title uses hardcoded ‘Organization Details’

The on-behalf profile now uses the profile's name rather than ‘Organization Details’.

No more than 25 Price Options listed

This displays all options on a price field rather than only the first 25.

Paypal Express not working in German

Another way in which German language support has improved: various conditions were conditional upon the locally-translated label of PayPal rather than the fixed name. This is no longer an issue.


  • CiviEvent

User deprecated function: Deprecated function for New Participant

This avoids notices when creating new participants from the backend.


  • CiviMail

Mail Summary Report showing same number for Total Opens and Unique Opens

This resolves a problem where the Total Opens count was only querying DISTINCT open results, rather than every time an email was opened.


  • CiviMember

Make "disabled" table rows appear greyed-out

CSS in the Seven theme conflicts with CiviCRM's CSS, preventing rows of disabled records from having grey text.




If you are installing CiviCRM 4.7 from scratch, please use the corresponding automated installer instructions: users:: Prior to 4.7, CiviCRM forced to send out receipt emails regardless of configuration. From 4.7 onwards this will not happen and you should log into your interface and configure whether you want to send out receipts (in addition to those sent by CiviCRM).

Lybunt report users:: Some fields that were previously mandatory on Lybunt are now optional. On new reports they are on by default but you might need to check the fields you want are selected for existing reports.



If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.7.