05 June, 2013

Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.

Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being updated...

17 April, 2013
By totten

IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.

In recent days, multiple site administrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM. This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.

You can check what version of CiviCRM you are using by looking on any CiviCRM page.  The version is displayed at the bottom of the screen (see screenshot...

07 June, 2011

I have been leveraging the CiviCase component of CiviCRM to help a crisis response organization transition to a paperless process. I was originally tasked with "fixing" a Microsoft implementation of a custom web application written in VBScript and MS SQL Server, but after fighting with the former developers' horrible code I finally decided to migrate the system over to an open source LAMP implementation leveraging J! 1.5 and CiviCRM 3.1.


My client is a leading provider of crisis psychiatric care and system management services to public and private entities. In addition they are a non-profit that manages mental health outreach and psychiatric recovery services (www.thesantegroup.org). Some of the services they provide include:


- Crisis Response Services

- Hotline telephone support for individuals and family members in crisis, mental...

21 July, 2010
By michal
Filed under v3.2, v3.1

This week we're releasing CiviCRM 3.1.6 and 3.2.beta5 - they are both regular bugfix releases; however, they also bring a fix to a recently discovered security vulnerability, which in specific conditions allows an unauthorized person to access some CiviCRM functionality. Please make sure you upgrade your production installations running 3.1.5 and earlier to 3.1.6 to avoid the risk.

For 3.1.6 upgrade instructions check: Drupal Upgrade, Joomla! Upgrade and Standalone Upgrade instructions. Make sure not to confuse 3.1 (which is the stable version) with 3.2 (which is still beta) when downloading the upgrade bundle - even though it's already quite solid, you don't want to end up with beta...
06 July, 2010
Filed under CiviEvent, v3.1, CiviCRM, Drupal

UPDATE: Dec 17, 2010

dharmatech has contributed a similar module to drupal.

d.o. page: http://drupal.org/project/civievent_discount

civi blog: http://civicrm.org/blogs/dharmatech/add-coupons-events-module

great job dharmatech!

UPDATE: Dec 2, 2010

I uploaded the module for a CVS account at d.o. Check this page http://drupal.org/node/977826

Please post suggestions

JULY 6, 2010

I have been working on integrating a discount system in civicrm for a project. I came across a good blog http://civicrm.org/node/566...
02 June, 2010
Filed under v3.1, CiviCRM

As of now (version 3.1.5), CiviCRM limits finding and merging of duplicate records to users with the "Administer CiviCRM" permission. A recent thread on the forums points out that some organizations will want to allow that privilege to non-administrative users. Having a need for this myself, I'm looking for the best way to do it. If a reasonable solution can be found, I'm hoping the changes will make it into core at some point in the future.

From what I can tell, the heart of the matter is controlling access to two CiviCRM paths: civicrm/admin/deduperules and civicrm/admin/dedupefind. Since these are under civicrm/admin, they require "Administer CiviCRM" privileges.

My basic proposal for moving these into their own permission would include steps along these lines:

  1. Change these paths to civicrm/contact/deduperules and civicrm/contact/dedupefind, which probably means...
20 May, 2010
Filed under v3.1
We are excited to announce that CiviCRM 3.1.5 has been released, and is now available for download. You can also try it out on our demo site. This release includes 40 bug fixes/improvements to existing functionality. We recommend that sites currently running v3.1.4 or earlier upgrade to this version as soon as possible.


You can download CiviCRM 3.1.5 at our download page. Select from the Newest Files section at the top of the page. The filenames include the 3.1.5 label: civicrm-3.1.5…. Be sure and download the correct version for your CMS (Drupal / Joomla! / Standalone).  

New 3.1.5 Installations

If you are installing CiviCRM 3.1.5 from scratch, use the installation instructions linked below...
20 April, 2010
Filed under v3.1, Drupal
Originally posted at TwoMiceAndAStrawberry.com. I recently had to modify CiviCRM to support a specific use case for a client. In this project I needed to allow the user to enter anything in the Individual Prefix field, rather than choosing from a list of options. The client in this case was very sensitive about presenting the individual's honorific precisely as the individual wants, so that "Dr.," "Rev. Dr.," and "Most Rt. Rev. Dr." should all be possible, along with anything else the user might want to enter. To illustrate the scope of the issue: out of the approx. 20K records in the client's existing database, there were over 400 distinct values for this field. A select list that long is unwieldy in numerous ways, so we knew we'd have to come up with a solution before importing all those records to CiviCRM. What I really wanted -- and what the...
14 April, 2010
Filed under v3.1
We are excited to announce that CiviCRM 3.1.4 has been released, and is now available for download. You can also try it out on our demo site. This release includes ~100 bug fixes/improvements to existing functionality. We recommend that sites currently running v3.1.3 or earlier upgrade to this version as soon as possible.

Notice for Sites Using Moneris Payment Processor

We were unable to obtain an appropriate GPL license for the Moneris plugin code, and therefore that file has been removed from our downloads. If your site uses Moneris for payment processing, you will need to follow these directions to download the required code after upgrading your site...
09 March, 2010
By AkronAA
Filed under CiviEvent, v3.1, CiviCRM

Every year in June, around the 10th day, a commemorative event happens in Akron, Ohio - the annual celebration of the founding of Alcoholics Anonymous. Hosted at the University of Akron, over 10,000 participants from around the world gather to celebrate the founding of this wonderful fellowship. In recent years, registration for this all weekend event has moved from mail-in forms to an online registration process. Online registration challenges from the past few years had made us seek a solution that could handle a surge of registrations in the first 24 hours, and collect all the necessary information required by the University.

In past years, Zen Cart could handle our registrations - it may have even been able to handle it this year, except we needed to collect more information than in years past, and we wanted to still be able to allow multiple registrations per transaction. One serious issue from last year was the server became overloaded as thousands of...
