CIVI-SA-2024-08: PhpSpreadsheet

Közzétéve
2024-10-16 12:00
Written by

The bundled library "PhpSpreadsheet" has issued multiple security advisories.

Security Risk
Critical
Vulnerability
Other
Affected Versions

CiviCRM versions 5.78.1 and earlier

Fixed Versions

CiviCRM versions 5.78.2 and 5.75.4 (ESR)

Publication Date
Solutions

Any ONE of the following:

  • Upgrade to the fixed version of CiviCRM
  • Manually update PHPSpreadsheet
  • Disable the extension "Civi-Import"
Credits
  • Development/Review: Eileen McNaughton of Wikimedia Foundation; Seamus Lee of JMA Consulting; Tim Otten of CiviCRM
References
  • GHSA-6hwr-6v2f-3m88
  • GHSA-5gpr-w2p5-6m37
  • GHSA-w9xv-qf98-ccq4
  • GHSA-wgmf-q9vr-vww6
  • GHSA-r8w8-74ww-j4wh
  • GHSA-ghg6-32f9-2jp7
  • GHSA-v66g-p9x6-v98p