Announcing CiviCRM 4.6.21 and 4.7.11 Security Release

Published
2016-09-07 13:52
December 2016: Looking for the 4.7.14 / 4.6.24 release announcement? Here it is!

The latest release of CiviCRM 4.6 and 4.7 includes security fixes. We recommend upgrading to 4.7.11 or 4.6.21 to ensure the security of your site and data. The latest releases include 9 security fixes and improvements. A number of other non-security issues have also been fixed in the latest releases.

To determine the impact of security fixes and improvements on your system, please review these advisories:

Important Release Notes

The September 7th release includes a few changes which may be particularly notable for upgrades:

  • The performance of the CiviCRM dashboard should be significantly improved.
  • In the CiviCRM log file ("CiviCRM.xxxxxxxx.log"), the "xxxxxxxx" may change. (CIVI-SA-2016-15)
  • If you use the features "civicrm/bin/migrate/*.php" or "Import Contacts => SQL", you may need to update user permissions. (CIVI-SA-2016-14, CIVI-SA-2016-16)

Special Thanks

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of many people. For the September 7th release, special thanks go to:

  • Chris Burgess, Eileen McNaughton, Seamus Lee, Pradeep Nayak, Kevin Levie, Frank Gomez, and Lateral Security for their contributions on security issues.
  • To all the developers who wrote or reviewed other improvements to this revision, including: Alan Dixon, Alice Frumin, Allen Shaw, Andrew Hunt, Andy Walker, Arit Kumar Nath, Elliott Eggleston, Francesc Bassas, Frank Gomez, Franky Van Liedekerke, Geoff St Pierre, Grzegorz Grzywna, Herb van den Dool, Jerome Charaoui, John Kingsnorth, John Kirk, Jon Goldberg, Jose Torres, Ken Williams, litespeedmarc, Mathieu Lutfy, Mattias Michaux, Nicolas Ganivet, Omar Abu Hussein, rocxa, Saurabh Batra, Tomasz Pietrzkowski, tschuettler, and Yosef Romano.
  • To all the members of the core development team, including: Coleman Watts, Jitendra Purohit, Monish Deb, Tim Otten, and Yashodha Chaku.
  • Wikimedia Foundation for supporting improvements in the dashboard.
     

For a list of other contributors who have participated in the 4.7 cycle, see the previous release announcements.

What's New In CiviCRM 4.7

  • Administrator Status Page - Provides CiviCRM site administrators a single place to check configuration issues including cron status, permissions, optimal system settings, etc.
  • Dedupe improvements - Optimizes duplicate contact identification and merging for organizations with large numbers of duplicates.
  • Changes to WYSIWYG editor - Incorporates the new CK Configurator directly in CiviCRM, allowing easy selection of plugins and themes.
  • Payment processing improvements - Thanks to Eileen for overhauling the payment system to be more reliable and to support token-based recurring payments as well as non-credit card payment methods.
  • Many useful improvements to contribution and activity reports.
  • API enhancements - The API now supports joins across related entities and filtering by custom fields. Big thanks to johanv for this!

Along with this and other exciting new features, this release includes 50+ fixes and minor improvements.

New Installations

If you are installing CiviCRM 4.7 from scratch, please use the corresponding automated installer instructions:

Authorize.net users: Prior to 4.7, CiviCRM forced Authorize.net to send out receipt emails regardless of Authorize.net configuration. From 4.7 onwards this will not happen, and you should log into your Authorize.net interface and configure whether you want Authorize.net to send out receipts (in addition to those sent by CiviCRM).

Lybunt report users: Some fields that were previously mandatory on Lybunt are now optional. On new reports they are on by default, but for existing reports you might need to check that the fields you want are selected.

Upgrading to 4.7

If your site is highly customized with special code or theming for CiviCRM, you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.7.
