There has been a security release for CiviCRM. Upgrades are available for:
- CiviCRM v5.57.0 (download, release notes)
- CiviCRM v5.56.2 (download, release notes)
- CiviCRM v5.51.4 ESR (info, download, release notes)
These upgrades address the following security issue:
- CIVI-SA-2023-01: Help Subsystem (Remote code execution)
- CIVI-SA-2023-02: CiviEvent (Cross-site scripting)
- CIVI-SA-2023-03: Asset Builder (Cross-site scripting)
What's new in CiviCRM 5.57
There is no way to sugar-coat this - there are some minor interface tweaks, and the rest is mostly developer-oriented.
- Interface: In Contact > Send Mail the 'From' dropdown is now a select2 widget (24957),
- FormBuilder: Support ContactType-specific tabs and blocks (25069), Fill data from related entity/contact (dev/core#3453: 25001), Customizable APIv4-based Autocomplete widget for EntityRef fields (24832), Event entity is now available (24991)
- SearchKit: Make SearchKit Required (24739), SearchKit - Include html columns in spreadsheet download (25126), SearchKit displays descriptions so end user knows the context (dev/core#3980: 24985 and 24942), SearchKit - Add clone button for search displays (24899), Hide deprecated fields from SearchKit & Afform (25113),
- CiviMail: Make flexmailer mandatory (25110), Flexmailer: Prevent broken urls containing hyphens when click tracking is enabled for plain text mailings (25149)
- Tokens: Add support for default value if the token is empty (25031), Bool token formatting (dev/core#3962: 24923),
- Api4: APIv4 Autocomplete - Support searching by ID, customize some entities (24976), Use APIv4-based Autocomplete widget throughout SearchKit, Afform & API Explorer (24974 and 25111), Update location tokens for Contact to new apiv4 style (25032), MessageTemplate schema changes and API4 support (24992), Adding mailing events (unsub, open, clicks, etc) to API4 (Work Towards dev/core#3965: 25059 and 25056), Log API Authorization failed errors (25030)
- CiviImport: Add FormBuilder forms to CiviImport (25072), Create MVP UI for imports when background queue processing is taking place (25041), Use search display to view errors when using CiviImport extension (25038), Add Imports search (25081), Add 'my imports' to Reports navigation (25086)
- Hooks: Support multiple contact_type in hook_civicrm_tabset (25101),
- CiviCRM Log files: Use domain id in log file name making it easy to find correct log file (dev/core#3136: 24893)
- civix: Add entity-types-php mixin (24947)
This release was developed by the following code authors:
AGH Strategies - Alice Frumin, Andie Hunt; BrightMinded Ltd - Bradley Taylor; Christian Wach; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Yashodha Chaku; civiservice.de - Sebastian Lisken; Coop SymbioTIC - Mathieu Lutfy, Shane Bill; Dave D; Craft Coders - Sebastian Gellweiler; Humanists UK - Andrew West; JMA Consulting - Monish Deb, Seamus Lee; John Kingsnorth; Luna Design - Andrew Wasson; Megaphone Technology Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; Progressive Technology Project - Jamie McClelland; Squiffle Consulting - Aidan Saunders; Third Sector Design - Kurund Jalmi; Wikimedia Foundation - Eileen McNaughton; Wildsight - Lars Sanders-Green.
Most authors also reviewed code for this release; in addition, the following reviewers contributed their comments:
Agileware - Justin Freeman; Artful Robot - Rich Lott; Australian Greens - Andrew Cormick-Dockery; Circle Interactive - Dave Jenkins; Freeform Solutions - Herb van den Dool; Nicol Wistreich; Tadpole Collective - Kevin Cristiano.
- Job title on relationship - Use employer relationship description to store the job title and then synchronize the contact summary job title with the primary employer relationship. Work in Progress. By Samuel Vanhove - Coop SymbioTIC
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.
CiviCRM is community driven and is sustained through contributions, good vibes, solidarity, and financial support from its community. Help CiviCRM do a world of good.