Security Releases

There has been a security release for CiviCRM. Upgrades are available for:

There has been a security release for CiviCRM. Upgrades are available for:

There has been a security release for CiviCRM. Upgrades are available for:

Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:

• CiviCRM 5.36.1 (download)
• CiviCRM 5.35.2 (download)
• CiviCRM 5.33.5 ESR (signup)

Below are the security advisories details:

Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:

• CiviCRM 5.35.1 (download)
• CiviCRM 5.33.3 ESR (signup)

Below are the security advisories details:

Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:

• CiviCRM 5.28.1 (download)
• CiviCRM 5.27.5 ESR (signup)

Below are the security advisories details:

Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:

• CiviCRM 5.24.3 (download)
• CiviCRM 5.21.3 ESR (signup)

Below are the security advisories details:

CiviCRM version 5.20.0 is now out and ready to download.

Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:

• CiviCRM v5.20.0
• CiviCRM v5.19.4
• CiviCRM v5.13.8 ESR

Below are the security advisories details:

• CIVI-SA-2019-24: CSRF in APIv4 AJAX end point

Bugs resolved in 5.19.4:

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

• CiviCRM v5.19.2
• CiviCRM v5.13.7 ESR

In addition to the security fixes, this release includes several bug fixes. 

Below are the security advisories details:

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

• CiviCRM v5.10.3
• CiviCRM v5.7.4 ESR

In addition to the security fixes, this release includes two regression fixes. 

Below are the security advisories details:

The latest release of CiviCRM 5.3.1 and 4.6.38 includes security fixes. This is a critical security release, we recommend upgrading to 5.3.1 and 4.6.38 to ensure the security of your site and data as soon as possible.

The latest release of CiviCRM 4.6 and 4.7 includes security fixes. We recommend upgrading to 4.7.7 or 4.6.16 to ensure the security of your site and data. The latest releases include 2 moderately critical fixes. A number of other non-security issues have also been fixed in the latest releases.

If you are currently using 4.6.7 and your site uses ACLs to segment access to contacts you are strongly encouraged to upgrade. The 4.6.7 release included a regression in the ACL system which caused certain contact access permissions to behave improperly. The 4.4 LTS branch was unaffected.

The latest releases of CiviCRM 4.6 and 4.4 LTS include 2 moderately critical security fixes. While these issues are unlikely to affect the average CiviCRM site, it is recommended to upgrade to the latest version to keep your site as secure as possible.

IATS has been a payment processor extension with CiviCRM for quite a while and has been actively developed & supported. If you are using the IATS extension you can say a quiet thank you to Alan, Karin & Stephen & stop reading.

About 4.2.10 LTS

The community of developers and implementers is proud to announce the 4.2.10 LTS release of CiviCRM.  LTS stands for "long term support" and the purpose of this release is three fold:

1. To provide bug and security fixes to those who are not ready to upgrade to CiviCRM 4.3 just yet

2. To increase the reliability of an existing CiviCRM release