SECURITY Release: CiviCRM 4.3.4

2013-06-10 09:57
Written by

Today marks the 5th stable release of CiviCRM 4.3. The CiviCRM community has truly rallied to make 4.3 the most reliable and feature-rich version yet - over 60 people contributed patches and testing to 4.3.4 alone.

This is a security release. You should upgrade your site immediately. If you are unable to do so, read the following security bulletins for alternate instructions for securing your site:

SECURITY Fixes in 4.3.4:

You can keep up with the latest security advisories by reguarly visiting or subscribing to the feed.

Noteworthy Bug Fixes in 4.3.4:

Other Enhancements to 4.3.4:

» View the full list of improvements for 4.3.4

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new features in this release, please consider making a recurring contribution to support the project.


CiviCRM is more compatible than ever, this version has been tested to run with:

  • Drupal 7
  • Drupal 6 (community supported)
  • Joomla 2.5
  • Wordpress 3.4 and higher

New Installations

If you are installing CiviCRM 4.3 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.3

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.3.


Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

AGH Strategies - Andrew Hunt; Backoffice Thinking; Chris Burgess; Circle Interactive - Andrew Walker, Dave Moreton; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel Robinson; Community Builders; Compucorp; Confluence - Frank Gomez; Dave D; EE-atWork - Erik Hommel; Electronic Frontier Foundation - Micah Lee, Kellie Brownell; Emphanos - Allen Shaw; Fuzion NZ - Eileen McNaughton, Peter Davis, Torrance Hodgeson; Jim Meehan; JMA Consulting - Joe Murray; Keith Morgan; Ken West; Korlon - Stuart Gaston; Koumbit - Samuel Vanhove; Lighthouse Consulting and Design - Brian Shaughnessy; Mathieu Lutfy; New York State Senate - Ken Zalewski; NfP Services (MTL Software Group) - Jag Kandasamy, Rajesh Sundararajan; Niro Solutions; Noah Miller; Palante Technology Cooperative - Jon Goldberg; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Paul Delbar; Registered Nurses Association of Ontario; San Francisco Baykeeper - Eliet Henderson; Tech to the People - Xavier Dutoit; Third Sector Design; Veda Consulting - Parvez Saleh; Web Access - Pradeep Nayak; Zing - Simon West, Andrew Tombs.

Click thumbs up if you thought this blog post was useful (login to vote or to comment)


Thanks to everyone involved in building a better security ethos around CiviCRM.

is version 4.2.9 safe or should we migrate to 4.3.x ?

4.2.9 is not safe and you will need to upgrade. However, there has been a community initiative to offer long-term-support for CiviCRM 4.2. I believe they will be releasing 4.2.10 this week, and it will include all the latest security fixes. So that will be an option if you can't upgrade to 4.3.

But in my opinion 4.3 is so much better than 4.2 that it is worth it to upgrade.