CiviCRM 4.1.3 has been released and is available for immediate download from SourceForge. This is a security release which addresses several potential vulnerabilities. We recommend that you upgrade as soon as possible.
Security Release Details
- Prevents unauthorized access to certain Ajax URLs
- Provides additional filtering of end-user HTML input
- Removes sensitive billing information from cache tables
Bug Fixes and Temporary Data Cleanup
4.1.3 also includes approximately 40 bug fixes, as well as a new "scheduled job" which cleans up temporary data and files. We recommend that all sites run this job on a hourly basis.
Comments
Upgrading to the latest version of CiviCRM is highly recommended. For sites who aren't able to immediately upgrade from some earlier version, we've made a hotfix module available.
See www.giantrobot.co.nz/blog/cccccc for info and downloads.
@grobot,
You're a hero! Thanks for your contribution.
Ken
(Warm feelings from across the Tasman, bro.)