There has been a security release for CiviCRM. Upgrades are available for:
- CiviCRM v5.47.2 (download, release notes)
- CiviCRM v5.46.3 (download, release notes)
- CiviCRM v5.45.4 ESR (download, release notes)
NOTE: At time of writing, CiviEvent deployments should use v5.45 ESR or v5.46. Please wait before migrating to v5.47. (more info)
These upgrades address security issues:
- CIVI-SA-2022-01: CiviContribute, Access Bypass
- CIVI-SA-2022-02: CiviEvent Importer, SQL Injection
- CIVI-SA-2022-03: Permission Advice
- CIVI-SA-2022-04: jQuery UI v1.13
- CIVI-SA-2022-05: CKEditor v4.18
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.
Unable to download ESR 5.45.4
@davephassall Please contact firstname.lastname@example.org if you are an ESR subscriber and cannot access it. You can also subscribe here: https://civicrm.org/esr#pricing