Security Release Announcement - Version 4.1.3

Published
2012-06-05 15:13
Written by
Dave Greenberg - member of the CiviCRM community - view blog guidelines

CiviCRM 4.1.3 has been released and is available for immediate download from SourceForge. This is a security release which addresses several potential vulnerabilities. We recommend that you upgrade as soon as possible.

Security Release Details

  • Prevents unauthorized access to certain Ajax URLs
  • Provides additional filtering of end-user HTML input
  • Removes sensitive billing information from cache tables

Bug Fixes and Temporary Data Cleanup

4.1.3 also includes approximately 40 bug fixes, as well as a new "scheduled job" which cleans up temporary data and files. We recommend that all sites run this job on a hourly basis.

Upgrade Instructions

Filed under

Comments

Upgrading to the latest version of CiviCRM is highly recommended. For sites who aren't able to immediately upgrade from some earlier version, we've made a hotfix module available.

See www.giantrobot.co.nz/blog/cccccc for info and downloads.