We’ve been having some discussions among the folks who triage security issues, who publish new releases, and who maintain backports. We'll update the policy beginning with the upcoming 4.4.7 release (and related 4.2.19 and 4.3.9 releases).
LTS release 4.2.16 is now on sourceforge. Unfortunately there is an error on some admin pages in 4.2.15 which happened because the porting of the security patch was rushed. Hopefully this won't occur in future. Note the job.create api has also been added to the LTS (this is extra code only - no existing code was altered to port this)
Here it is folks, another thrilling update to everyone's favorite CRM for the social profit sector. This edition brings you maintenance and stability improvements to the latest version plus an update from the LTS team as well.
A critical security issue has just been fixed in CiviCRM. For the safety of your CiviCRM data you should immediately upgrade to one of the following newly released versions:
The CiviCRM core team and community of developers and implementers are proud to present...
About 4.2.10 LTS
The community of developers and implementers is proud to announce the 4.2.10 LTS release of CiviCRM. LTS stands for "long term support" and the purpose of this release is three fold:
1. To provide bug and security fixes to those who are not ready to upgrade to CiviCRM 4.3 just yet
2. To increase the reliability of an existing CiviCRM release
Well this is my first post on the CivCRM Blog and I am very honoured to have been given the privilege by David Greenberg. We are a CRM consulting company - meaning that we provide consulting and advice to companies who require a CRM system or who have a CRM system in place but want to know how to use it to its full capacity.
Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities.
IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.