A critical security issue has just been fixed in CiviCRM. For the safety of your CiviCRM data you should immediately upgrade to one of the following newly released versions:
If you are unable to upgrade at this time, read the following security announcement for alternate solutions:
http://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability
You can keep up with the latest security advisories by reguarly visiting http://civicrm.org/advisory or subscribing to the feed.
Other Bug Fixes in 4.3.7
- In IE8, accordion controls do not work for Advanced Search form
- Email receipt/confirmation do not attach PDF files
Comments
The advisory applies to all versions of CiviCRM, but only the three most recent versions have been issued with fixes.
For versions before 4.2, are there any alternatives other than upgrading?
For example - has anyone tested that patch on 4.1?
It is required and will not cause breakage on older versions