09 September, 2014
By totten
Filed under v4.4, v4.3, v4.2, Community, Release, Security

We’ve been having some discussions among the folks who triage security issues, who publish new releases, and who maintain backports. We'll update the policy beginning with the upcoming 4.4.7 release (and related 4.2.19 and 4.3.9 releases).

Release Policy: The release window

For the past year (at least), the policy has been that new security releases must drop on the first Wednesday of a given month, and that other releases can drop anytime (with an undocumented requirement to target Tue/Wed/Thu). This aimed to strike a balance among predictability, security, and flexibility.

The revised policy is to allow stable point-releases on the first or third Wednesday of the month. This is another attempt to balance predictability/security/flexibility, and has a few notable implications:

  • Overall, it’s more predictable...
Read more
06 November, 2013

A moderately critical security issue has just been fixed in CiviCRM. We recommend you immediately upgrade to one of the following newly released versions:

Read the following security announcement for details:

https://civicrm.org/advisory/civi-sa-2013-010-sql-injection-permissioned-users

You can keep up with the latest security advisories by signing up for email alerts or the RSS feed. You can see past advisories at...

Read more
15 October, 2013
Filed under v4.4, v4.3, Extensions
Pheph, if you thought that was good... wait for this one.
 
Post no 2: Gift Aid Module v2.1
 
Growing older isn't fun, but on the case of CiviCRM extensions it sure is. We're pleased to celebrate the CiviCRM Gift Aid 2.1 and "stable" release.
 
Yup thats right. No more cries of "what is that Git thing" and "how do I register a new report", you can now get all the Gift Aid(ing) goodness direct from the extensions tab. 
 
Thats not all, it still plays nicely with the super cool "I didint even have to print any paper" Gift Aid online submissions module that you can get here.
 
But whats that we hear you cry? You already broke several fingernails and needed 2 months of rehab after downloading and installing version 1.0 or version 2.0 from GitHub?
... Read more
02 October, 2013

A critical security issue has just been fixed in CiviCRM. For the safety of your CiviCRM data you should immediately upgrade to one of the following newly released versions:

If you are unable to upgrade at this time, read the following security announcement for alternate solutions:

http://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability

You can keep up with the latest security advisories by reguarly visiting http://civicrm.org/advisory or subscribing to the...

Read more
25 September, 2013
Filed under v4.3, v4.2, Release

The CiviCRM core team and community of developers and implementers are proud to present...

  • 4.3.6 The latest stable version of CiviCRM
  • 4.2.11 An updated LTS version

Which one should I use?

In most situations, and if you are new to CiviCRM, you should choose the latest stable version. It contains new features and receives the most support. 4.2 LTS (long term support) is provided for those organizations who are using an older version of CiviCRM and are not yet ready to upgrade; it receives critical bug fixes only. More about 4.2 LTS.

Noteworthy Fixes in 4.3.6:

Read more
27 August, 2013
Filed under v4.3, CiviCRM, Extensions, Joomla

For the past several months, my team at the Alliance for Catholic Education at the University of Notre Dame have been working on developing a mobile client for CiviCRM. It is now hosted on GitHub HERE.

So what exactly does it do, and what is its purpose?  We know that with the increasingly mobile world, client relations need to be accessible on-the-go.  This is the main motivation behind the work we've done with our CiviCRM Mobile Client (not to be confused with CiviMobile). We have a demo running HERE.  Right now the client has functionality for viewing, searching, editing, and adding contacts with basic fields, notes and relationships (we have organizations, activities and tasks, also in the works but they’re a little buggy right now). We use the Client exclusively with Joomla right now and are very pleased with how it is developing.

...

Read more
26 July, 2013
Filed under v4.3, CiviCRM, Extensions

Howdy partners!

Even though London has become hotter then the face of the sun over the past few days we've been busy beavering away on an update to the UK Gift Aid module to support compatability for Civi v4.3 and to add some new and exciting features.

You can of course download the module from the extensions directory (here) and full instructions of how to install and use are (here).

Updated features:

  • v4.3 compatability
  • Able to now select a batch from a drop down list in the contribution search
  • Able to remove contributions from a batch
  • Plays nicely with the online submission module so you cant remove submitted contributions from a batch
  • Able to change the gift aid percentage (now held in an option group)
  • Improved install and uninstall /...
Read more
08 July, 2013

Announcing the 6th stable release of CiviCRM 4.3, containing small bug fixes and two minor security updates to make your CRM more stable and secure.

This is a security release. You should upgrade your site immediately. If you are unable to do so, read the following security bulletins for alternate instructions for securing your site:

SECURITY Fixes in 4.3.5:

You can keep up with the latest security advisories by reguarly visiting http://civicrm.org/advisory or subscribing to the...

Read more
05 June, 2013

Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.

Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being...

Read more
18 April, 2013
Filed under v4.3

Thanks to everyone pitching in over the past week we've released the first update to 4.3 today, with 42 small but important improvements. It is available for download now, and all site admins are encouraged to upgrade.

IMPORTANT: Payment notifications back to CiviCRM do not work properly for PayPal Website Standard transactions in 4.3.0 (this means the contributions will display as "Pending - Incomplete Transaction' even though the payment has been completed at PayPal). If your organization uses this payment method AND you've already upgraded to 4.3.0 - you should upgrade to 4.3.1 immedately.

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new...

Read more
randomness