There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:
- CiviCRM v5.10.3
- CiviCRM v5.7.4 ESR
In addition to the security fixes, this release includes two regression fixes.
The security advisory details are below:
- CIVI-SA-2019-01: Weak Access-Control for File Attachments
- CIVI-SA-2019-02: SQL Injection in "PrevNext" Cache
- CIVI-SA-2019-03: Cross-Site Scripting in "Logging Details" Report
Do you want to restrict registration for certain events to logged-in members only but still have other events open to the public? If the answer to the above question is yes, then this extension is for you. This extension allows you to set a flag on any event so registration is restricted to those who have a current membership.
A custom data set called “Member only event?” is created once this extension has been installed. The custom data has been set to be used for Events and the option “Is this Custom Data Set public?” is unchecked so that this information is not visible on the event info page. Some default Pre-form Help text has also been set, which can be amended as required.
The extension also comes with a UI to set membership statuses for members that should be eligible to register for member only...
The latest releases of CiviCRM, 5.3.1 and 4.6.38, include security fixes. This is a critical security release; we recommend upgrading to 5.3.1 and 4.6.38 as soon as possible to ensure the security of your site and data.
- CIVI-SA-2018-07 Remote code execution in QuickForm
- CIVI-SA-2018-06 Reflected XSS in context parameter
- CIVI-SA-2018-05 Reflected XSS in contact merge screen
- CIVI-SA-2018-04 SQL injection in custom groups
- CIVI-SA-2018-03 Reflected...