Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.
Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being updated...
IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.
In recent days, multiple site administrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM. This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.
You can check what version of CiviCRM you are using by looking on any CiviCRM page. The version is displayed at the bottom of the screen (see screenshot...
I have been leveraging the CiviCase component of CiviCRM to help a crisis response organization transition to a paperless process. I was originally tasked with "fixing" a Microsoft implementation of a custom web application written in VBScript and MS SQL Server, but after fighting with the former developers' horrible code I finally decided to migrate the system over to an open source LAMP implementation leveraging J! 1.5 and CiviCRM 3.1.
My client is a leading provider of crisis psychiatric care and system management services to public and private entities. In addition they are a non-profit that manages mental health outreach and psychiatric recovery services (www.thesantegroup.org). Some of the services they provide include:
- Crisis Response Services
- Hotline telephone support for individuals and family members in crisis, mental...
This week we're releasing CiviCRM 3.1.6 and 3.2.beta5. They are both regular bugfix releases; however, they also bring a fix to a recently discovered security vulnerability, which in specific conditions allows an unauthorized person to access some CiviCRM functionality. Please make sure you upgrade your production installations running 3.1.5 and earlier to 3.1.6 to avoid the risk. For 3.1.6 upgrade instructions check: Drupal Upgrade, Joomla! Upgrade and Standalone Upgrade instructions. Make sure not to confuse 3.1 (which is the stable version) with 3.2 (which is still beta) when downloading the upgrade bundle - even though it's already quite solid, you don't want to end up with beta...
UPDATE: Dec 17, 2010
dharmatech has contributed a similar module to Drupal.
d.o. page: http://drupal.org/project/civievent_discount
great job dharmatech!
UPDATE: Dec 2, 2010
I uploaded the module for a CVS account at d.o. Check this page http://drupal.org/node/977826
Please post suggestions
JULY 6, 2010
I have been working on integrating a discount system in CiviCRM for a project. I came across a good blog http://civicrm.org/node/566...
As of now (version 3.1.5), CiviCRM limits finding and merging of duplicate records to users with the "Administer CiviCRM" permission. A recent thread on the forums points out that some organizations will want to allow that privilege to non-administrative users. Having a need for this myself, I'm looking for the best way to do it. If a reasonable solution can be found, I'm hoping the changes will make it into core at some point in the future.
From what I can tell, the heart of the matter is controlling access to two CiviCRM paths: civicrm/admin/deduperules and civicrm/admin/dedupefind. Since these are under civicrm/admin, they require "Administer CiviCRM" privileges.
My basic proposal for moving these into their own permission would include steps along these lines:
- Change these paths to civicrm/contact/deduperules and civicrm/contact/dedupefind, which probably means...
Download
You can download CiviCRM 3.1.5 at our download page. Select from the Newest Files section at the top of the page. The filenames include the 3.1.5 label: civicrm-3.1.5…. Be sure and download the correct version for your CMS (Drupal / Joomla! / Standalone).
New 3.1.5 Installations
If you are installing CiviCRM 3.1.5 from scratch, use the installation instructions linked below...
Notice for Sites Using Moneris Payment Processor
We were unable to obtain an appropriate GPL license for the Moneris plugin code, and therefore that file has been removed from our downloads. If your site uses Moneris for payment processing, you will need to follow these directions to download the required code after upgrading your site...
Every year in June, around the 10th day, a commemorative event happens in Akron, Ohio - the annual celebration of the founding of Alcoholics Anonymous. Hosted at the University of Akron, over 10,000 participants from around the world gather to celebrate the founding of this wonderful fellowship. In recent years, registration for this all-weekend event has moved from mail-in forms to an online registration process. Online registration challenges from the past few years had made us seek a solution that could handle a surge of registrations in the first 24 hours, and collect all the necessary information required by the University.
In past years, Zen Cart could handle our registrations - it may have even been able to handle it this year, except we needed to collect more information than in years past, and we wanted to still be able to allow multiple registrations per transaction. One serious issue from last year was the server became overloaded as thousands of...