The latest release of CiviCRM 4.6 includes security fixes. While this issue is unlikely to affect the average CiviCRM site, it is recommended to upgrade to the latest version to keep your site as secure as possible.
If you are currently using 4.6.7 and your site uses ACLs to segment access to contacts you are strongly encouraged to upgrade. The 4.6.7 release included a regression in the ACL system which caused certain contact access permissions to behave improperly. The 4.4 LTS branch was unaffected.
The latest releases of CiviCRM 4.6 and 4.4 LTS include 2 moderately critical security fixes. While these issues are unlikely to affect the average CiviCRM site, it is recommended to upgrade to the latest version to keep your site as secure as possible.
IATS has been a payment processor extension with CiviCRM for quite a while and has been actively developed & supported. If you are using the IATS extension you can say a quiet thank you to Alan, Karin & Stephen & stop reading.
An important security update is being released for both the latest version of CiviCRM and the long-term-support version. We recommend you upgrade immediately to maintain the security of your site.
For more information on the security issues see:
The team is pleased to announce the fifth stable release of the incredible CiviCRM 4.5 series. These release include a security fix and a number of other improvements.
The security issue only affects sites using the CiviCase component. Read the security announcement for details.
There has just been a security advisory for CiviCRM. We recommend you immediately upgrade to one of the following newly released versions: