21 November, 2019

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

  • CiviCRM v5.19.2
  • CiviCRM v5.13.7 ESR

In addition to the security fixes, this release includes several bug fixes. 

Details of the security advisories are below:

21 February, 2019

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

  • CiviCRM v5.10.3
  • CiviCRM v5.7.4 ESR

In addition to the security fixes, this release includes two regression fixes. 

Details of the security advisories are below:

26 April, 2018
Filed under v4.6, CiviCRM, Security

Long Term Support (LTS) releases of CiviCRM are versions that are maintained for use by organizations for multi-year periods of time. The first official version of CiviCRM released as an LTS was version 4.4, announced in October of 2014. 4.4 was the official LTS version until CiviCRM 4.7 was released, at which point version 4.6 was officially designated as the new LTS. The CiviCRM Core Team and several partners and contributors maintained versions 4.4 and 4.6 until 2017, when Skvare and Compucorp officially took responsibility for the maintenance of CiviCRM 4.6 LTS.

Why have a Long Term Support release?

CiviCRM is open source software with a vibrant and active community of developers and contributors....

22 September, 2017
Filed under Security

When implementing the constituent relationship management solution for one of the biggest political organizations, we had to find a way to tailor the CiviCRM security model to the needs of a country-wide hierarchically structured organization.

Any multi-unit public organization with geographically distributed branches is set up with several levels of management, hierarchically structured units and roles. In our case there were four levels of hierarchy: the central office located in the capital, which manages the entire organization in 25 regions, further divided into 12 to 30 districts each, and finally the lowest-level branches in every village or small town, as shown in pict 1. Such a structure presupposes allocation of responsibilities and access hierarchically within a district, region or entire country.

...

18 July, 2017
Filed under Community, Security, Sprints

This morning Jaap and I (both from CiviCooP) took a train to Bonn and walked from the HauptBahnhof to the Systopia offices. Quite a nice sunny morning, met Beethoven on our way!

We are joining some dudes from Systopia and Palasthotel to work on CiviMcRestFace (a first attempt at a CMS agnostic connector to CiviCRM) and CiviProxy (policeman between CiviCRM and the rest of the world - check https://github.com/systopia/CiviProxy ) in a sprint for 3 days. Good stuff, made possible by Heinrich Böll Stiftung, Amnesty International Flanders and PUM Senior Experts. As you can imagine we are hard at work, with regular insertions of coffee and cold water.

Our ambition is to add some necessary...

06 July, 2017
CiviCRM 4.7.21 and 4.6.29

Please note that releases 4.7.21 and 4.6.29 are security releases. Please see the links to the security advisories below:

27 January, 2017

When email was first designed, security was not considered important and up until fairly recently it was still possible to send an email from any address and get away with it.

However, as spam, phishing and spoofing attacks by email have become increasingly common there have been various attempts to make email more secure.  In the last year or so the major providers (AOL, Google, Microsoft etc.) have all seriously tightened their security and authentication requirements for validating and receiving email.  The result of this is that a lot of legitimate email is now being classified as spam or rejected by those providers.  In order to ensure that your email continues to be marked as legitimate and received by these larger providers it is now almost essential that you implement SPF, DKIM and DMARC on your domains otherwise many of your...

03 May, 2016

The latest release of CiviCRM 4.6 and 4.7 includes security fixes. We recommend upgrading to 4.7.7 or 4.6.16 to ensure the security of your site and data. The latest releases include 2 moderately critical fixes. A number of other non-security issues have also been fixed in the latest releases.

Special Thanks

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the...

28 July, 2015
By Eileen

IATS has been a payment processor extension with CiviCRM for quite a while and has been actively developed & supported. If you are using the IATS extension you can say a quiet thank you to Alan, Karin & Stephen & stop reading.

If, however, you have been using IATS since the dark days before it was an extension and never switched over then it's time to make that change to ensure your site stays secure. Use IATS & need to check? Go to administer -> customise data & screens -> manage extensions and look for IATS. If it says installed - refer to the quiet thank you above (or better yet make a quiet donation to CiviCRM :-).

If not, it's time to install the IATS extension https://civicrm.org/extensions/iats-payments - Alan has generously offered to provide support to anyone making the transition. You can log an issue on the github repo if you need help -...

09 September, 2014
By totten
Filed under v4.4, v4.3, v4.2, Community, Release, Security

We’ve been having some discussions among the folks who triage security issues, who publish new releases, and who maintain backports. We'll update the policy beginning with the upcoming 4.4.7 release (and related 4.2.19 and 4.3.9 releases).

Release Policy: The release window

For the past year (at least), the policy has been that new security releases must drop on the first Wednesday of a given month, and that other releases can drop anytime (with an undocumented requirement to target Tue/Wed/Thu). This aimed to strike a balance among predictability, security, and flexibility.

The revised policy is to allow stable point-releases on the first or third Wednesday of the month. This is another attempt to balance predictability/security/flexibility, and has a few notable implications:

  • Overall, it’s more predictable...