We are excited to announce the security releases for 4.6.14 and 4.7.3. The latest releases of CiviCRM 4.7 and 4.6 include 2 less critical security fixes. A number of other non-security issues have also been fixed in the latest releases.
- CIVI-SA-2016-05: Privilege escalation by backend users
- CIVI-SA-2016-06: Bundled TCPDF library update
What's New In CiviCRM 4.7
- Administrator Status Page - Provides CiviCRM site administrators a single place to check configuration issues including cron status, permissions, optimal system settings, etc.
- Dedupe improvements - Optimizes duplicate contact identification and merging for organizations with large numbers of duplicates.
- Changes to WYSIWYG editor - Incorporates the new CK Configurator directly in CiviCRM, allowing easy selection of plugins and themes.
- Payment processing improvements - Thanks to Eileen for overhauling the payment system to be more reliable and to support token-based recurring payments as well as non-credit card payment methods.
- Many useful improvements to contribution and activity reports.
- API enhancements - The API now supports joins across related entities and filtering by custom fields. Big thanks to johanv for this!
Along with these and other exciting new features, this release includes 10+ fixes and minor improvements.
New Installations
If you are installing CiviCRM 4.7 from scratch, please use the corresponding automated installer instructions:
Authorize.net users: Prior to 4.7, CiviCRM forced Authorize.net to send out receipt emails regardless of Authorize.net configuration. From 4.7 onwards this will not happen, and you should log into your Authorize.net interface and configure whether you want Authorize.net to send out receipts (in addition to those sent by CiviCRM).
Lybunt report users: Some fields that were previously mandatory on Lybunt are now optional. On new reports they are on by default, but for existing reports you might need to check that the fields you want are selected.
Upgrading to 4.7
If your site is highly customized with special code or theming for CiviCRM, you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.7.
Contributors
Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:
AGH Strategies - Andrew Hunt, Tyrell Cook, Nikki Murray; Agileware - Francis Whittle; Andrew West; Aputsiaĸ Niels Janussen; Aron Novak; Backoffice Thinking; Barbara Miller; Borislav Zlatanov; Brian Dombrowski; Caroline Badley; Christian Wach; Charlie DeTar; Circle Interactive - Dave Jenkins; CiviCoop - Jaap Jansma; CiviDesk - Nicolas Ganivet, Sunil Pawar, Virginie Ganivet; Compucorp - Guanhuan Chen, Jamie Novick; Coop SymbioTIC - Mathieu Lutfy, Samuel Vanhove; Dave D; David Hayes; Dhanesh Dhuri; Dmitry Smirnov; Elin Waring; Emphanos LLC - Allen Shaw; Esantanche; Freeform Solutions - Lola Slade, Stephanie Gray, Herb van den Dool; Future First - David Knoll, John Prescott; Fuzion NZ - Chris Burgess, Eileen McNaughton, Peter Davis, Torrance Hodgson; Giant Rabbit - Peter Haight; Ginkgo Street Labs - Frank Gomez, Galata Tona, Michael Daryabeygi, Roshani Kothari, Toby Lounsbury; Jake Martin White; Joanne Chester; Joe McLaughlin; Johan Vervloet; John P Kirk; Joris; JMA Consulting - Joe Murray, Pradeep Nayak, Edsel Lopez; gah242s; Greenleaf Advancement - Guy Iaccarino; K Sneed Consulting - Kate Sneed; Kemal Bay; Ken West; Kevin Levie; Korlon - Stuart Gaston; kreynen; Laryn; Lesley Evensen (zorgalina); Lighthouse Consulting and Design - Brian Shaughnessy; Marty Wright; Matthew Wire; Mattias Michaux; Mohit Aggarwal; National Urban League - Lisa Taliano; Nicholai Burton; Niels Heinemann; New York City Council; New York State Senate - Ken Zalewski; Northbridge Digital - Oliver Gibson; Olaf Buddenhagen; Palante Technology Cooperative - Jon Goldberg, Joseph Lacey, Paul Campbell; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Richard Van Oosterhout; RocXa; Saurabh Batra; Seamus Lee; Seb35; Semper IT - Karin Gerritsen; Shawn Holt; Skvare - Jeremy Proffitt, Peter Petrik; Smiling Heart Enterprises - Neil Planchon; Squiffle Consulting - Aidan Saunders; Stephen Palmstrom; Symbiotic - Mathieu Lutfy, Samuel Vanhove; Systopia - Björn Endres, Niko Bochan; Tadpole - Dana Skallman, Kevin Cristiano; Tech to the People - Xavier Dutoit; Thomas Leichtuss; Tim Mallezie; Torenware Networks - Rob Thorne; University of Cambridge - Alex Corr, John Kingsnorth; Veda Consulting - Parvez Saleh, Deepak Srivastava, Kajan; Wanna Pixel - Nathan Porter, Marisa Porter; Web Access - Rohan Katkar, Sudha Bisht; Wikimedia Foundation - Adam Wight; yurg; zarandras.
Comments
I've backported the fix for CIVI-SA-2016-05 to 4.4 if anyone's interested: https://github.com/civicrm/civicrm-core/pull/7918