Please note that releases 4.7.21 and 4.6.29 are security releases. The security advisories are listed below:
- CIVI-SA-2017-01 Pingback URL not encrypted
- CIVI-SA-2017-02 Privilege escalation via leaked key
- CIVI-SA-2017-03 Cross site scripting in the recently viewed block
- CIVI-SA-2017-04 Incorrect escaping for "On Behalf Of" block
- CIVI-SA-2017-05 Incorrect escaping for "Search Results" column
- CIVI-SA-2017-06 Incorrect escaping in Drupal Views integration
- CIVI-SA-2017-07 Insufficient permission-check in mailing report
- CIVI-SA-2017-08 Upgrade multiple JS libraries
You can see full details of what is new here.
WHAT'S NEW IN CIVICRM 4.7.21
- Core CiviCRM updates:
You can now specify a custom date range when searching for active relationships
It is now possible to filter on the active dates of a relationship in Advanced Search and the Relationship Report. If relationship start and end dates are filled accurately, this allows finding active relationships at a specified point in time.
The CiviCRM logo spins while the next page is loading
Just so you know we’re focused on the big things, the spinning logo in the navigation menu provides visual indication that a new page is loading.
More accurate Relationship Count on Contact Summary View
The relationship count for a contact is now calculated by using the COUNT() SQL function rather than counting the number of rows in the query result.
New People involved tab
The phone number for related contacts is now available in the API.
A/B tests can now be sent in parallel
This change improves A/B testing where the test group is larger than the mailer job size. In these cases, each mailer job is scheduled one second after the prior one, ensuring that the first A job is followed by the first B job, then the next A job, and so on.
New ‘current employer’ filter in views
This feature is now available in Drupal 6.x for CiviCRM 4.7.x. It was previously added for other Drupal-CiviCRM version combinations but now it’s everywhere.
Current employer ID now available in more forms in Views
The current employer ID is now available as a display, contextual filter, another kind of filter and a sort field in Views.
hook_civicrm_permissions is now supported on Joomla
CiviCRM permissions in Joomla can now be defined dynamically, allowing extensions using hook_civicrm_permissions to work properly.
- CiviCRM core
Parent Groups don’t inherit child group contacts in Smart Groups
A bug was fixed where members of a new Smart Group would not appear as members of the Smart Group's parent groups.
Incorrect state/province names for Austria
Two states of Austria were missing umlauts.
CiviCRM, Contribution page, when using the ‘On behalf of’ Organisation Profile, the fieldset title uses hardcoded ‘Organization Details’
The on-behalf profile now uses the profile's name rather than ‘Organization Details’.
No more than 25 Price Options listed
This displays all options on a price field rather than only the first 25.
Paypal Express not working in German
Another way in which German language support has improved: various checks depended on the locally translated label of PayPal rather than the fixed name. This is no longer an issue.
User deprecated function: Deprecated function for New Participant
This avoids notices when creating new participants from the backend.
Mail Summary Report showing same number for Total Opens and Unique Opens
This resolves a problem where the Total Opens count queried only DISTINCT open results rather than counting every time an email was opened.
Make "disabled" table rows appear greyed-out
CSS in the Seven theme conflicts with CiviCRM's CSS, preventing rows of disabled records from having grey text.
Authorize.net users: Prior to 4.7, CiviCRM forced Authorize.net to send out receipt emails regardless of Authorize.net configuration. From 4.7 onwards this will not happen and you should log into your Authorize.net interface and configure whether you want Authorize.net to send out receipts (in addition to those sent by CiviCRM).
Lybunt report users: Some fields that were previously mandatory on Lybunt are now optional. On new reports they are on by default but you might need to check the fields you want are selected for existing reports.