05 June, 2013

Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.

Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being updated...

17 April, 2013
By totten

IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.

In recent days, multiple site administrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM. This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.

You can check what version of CiviCRM you are using by looking on any CiviCRM page.  The version is displayed at the bottom of the screen (see screenshot...

12 September, 2012
By pkeogan

Vanco Payment processor

BackOffice Thinking is pleased to release the Vanco payment processor to the CiviCRM community. Today we are releasing versions for 3.4x and 4.1x and hope to have a 4.2x version shortly.

This processor allows single payment and recurring for credit cards and ACH (electronic check).

The Vanco payment processor is quite popular among religious organizations and we have been utilizing this processor for the past 2 years with many of our clients. Thanks for all the support from the Vanco team along the way.

The files, including detailed instructions, can be downloaded here.

Vanco 3.3 and 3.4

Vanco 4.1

The installation is more involved than other...

05 September, 2012
By kurund
Filed under v4.1, CiviCRM

The team is excited to announce the sixth stable release of version 4.1  - with support for Drupal 7, Drupal 6, Joomla 2.5, and Wordpress 3.3. You can download the release now from Sourceforge.

We strongly recommend that you upgrade a test copy of your site and review your critical workflows before upgrading your production site. There have been some bug fixes since the last stable release of 4.1. You can also test-drive the release on each platform using the public demos:

Please report any bugs or issues on the appropriate forum board (what to do if you think you've...

11 July, 2012
Filed under v4.1, Release

This is a security release. We strongly recommend that all sites upgrade their CiviCRM code to this release.

The team is excited to announce the fifth stable release of version 4.1  - with support for Drupal 7, Drupal 6, Joomla 2.5, and Wordpress 3.3. You can download the release now from Sourceforge.

If you installed 4.1.4 please download and install 4.1.5.

We strongly recommend that you upgrade a test copy of your site and review your critical workflows before upgrading your production site. There have been some bug fixes since the last stable release of 4.1. You can also test-drive the release on each platform using the public demos:

08 July, 2012
By reperry

The Progressive Technology Project has compiled a list of scenarios related to doing searches from our groups’  support requests. We would like to put these forward as suggestions/modifications for Advanced Search or custom searches. Perhaps some have already been solved and are lurking quietly as custom searches that we just don’t have on our radar yet. Please share comments and reactions to these - have any of your clients needed something similar?

In case you don't know us, PTP has trained and supports over fifty community organizing groups in the US using CiviCRM, in addition to our other programmatic work. The version of CiviCRM we support is called PowerBase - it includes the CiviEngage module and CiviCampaign component that facilitate activities that all of these organizing groups do regularly to build people power.

I’ve...

05 June, 2012
Filed under v4.1, Release

CiviCRM 4.1.3 has been released and is available for immediate download from SourceForge. This is a security release which addresses several potential vulnerabilities. We recommend that you upgrade as soon as possible.

Security Release Details

  • Prevents unauthorized access to certain Ajax URLs
  • Provides additional filtering of end-user HTML input
  • Removes sensitive billing information from cache tables

Bug Fixes and Temporary Data Cleanup

4.1.3 also includes approximately 40 bug fixes, as well as a new "scheduled job" which cleans up temporary data and files. We recommend that all...

19 April, 2012
Filed under v4.1, Release

The CiviCRM team is pleased to announce the next stable release of version 4.1 - with support for Drupal 7, Drupal 6, Joomla 1.7/2.5, and Wordpress 3.3. You can download the release now from Sourceforge.

We strongly recommend that you upgrade a test copy of your site and review your critical workflows before upgrading your production site. There have been significant (~107) bug fixes since the first stable release of 4.1. You can also test-drive the release on each platform using the public demos:

Please report any bugs or issues on the...

03 March, 2012
By xavier

Hi,

The code sprint in London finished yesterday. It's always a pleasure to see old civi friends and meet new ones. Thanks to Michael and Katy for organizing it. Time for a quick update of what I've been working on with the most obscure title I could find. My focus has been on usability to make CiviCRM easier and faster to use.

To make our CRM more user friendly, we need to make the pages more "application like", where you can add, edit, remove and reorder from the same page without having to switch and go to more pages with forms to fill and save. And load. And wait. And save, and load and wait more...

For instance - and that will be a make it happen that we launch next week to improve - creating a survey today means you have to go to visit a different page to create the survey, the profile, for each field you add in the profile, for each custom field you need to...

01 March, 2012
Filed under v4.1, Release

The team is excited to announce the second stable release of version 4.1  - with support for Drupal 7, Drupal 6, Joomla 1.7/2.5, and Wordpress 3.3. You can download the release now from Sourceforge.

We strongly recommend that you upgrade a test copy of your site and review your critical workflows before upgrading your production site. There have been significant (~60) bug fixes since the first stable release of 4.1. You can also test-drive the release on each platform using the public demos:

Please report any bugs or issues on the...
