Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.
Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being...
IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.
In recent days, multiple site administrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM. This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.
You can check what version of CiviCRM you are using by looking on any CiviCRM page. The version is displayed at the bottom of the screen (see screenshot...
I have been leveraging the CiviCase component of CiviCRM to help a crisis response organization transition to a paperless process. I was originally tasked with "fixing" a Microsoft implementation of a custom web application written in VBScript and MS SQL Server, but after fighting with the former developers' horrible code I finally decided to migrate the system over to an open source LAMP implementation leveraging J! 1.5 and CiviCRM 3.1.
My client is a leading provider of crisis psychiatric care and system management services to public and private entities. In addition they are a non-profit that manages mental health outreach and psychiatric recovery services (www.thesantegroup.org). Some of the services they provide include:
- Crisis Response Services
- Hotline telephone support for individuals and family members in crisis, mental...
This week we're releasing CiviCRM 3.1.6 and 3.2.beta5 - they are both regular bugfix releases; however, they also bring a fix to a recently discovered security vulnerability, which in specific conditions allows an unauthorized person to access some CiviCRM functionality. Please make sure you upgrade your production installations running 3.1.5 and earlier to 3.1.6 to avoid the risk. For 3.1.6 upgrade instructions check: Drupal Upgrade, Joomla! Upgrade and Standalone Upgrade instructions. Make sure not to confuse 3.1 (which is the stable version) with 3.2 (which is still beta) when downloading the upgrade bundle - even though it's already quite solid, you don't want to end up with beta...
UPDATE: Dec 17, 2010
dharmatech has contributed a similar module to Drupal.
d.o. page: http://drupal.org/project/civievent_discount
great job dharmatech!
UPDATE: Dec 2, 2010
I uploaded the module for a CVS account at d.o. Check this page http://drupal.org/node/977826
Please post suggestions
JULY 6, 2010
I have been working on integrating a discount system in CiviCRM for a project. I came across a good blog http://civicrm.org/node/566...
- Change these paths to civicrm/contact/deduperules and civicrm/contact/dedupefind, which probably means moving the path...