CiviCRM 5.78.2, 5.75.4-ESR Security Release

Pubblicato

2024-10-16 17:24

Written by

dev-team - official CiviCRM announcement

There has been a security release for CiviCRM. Upgrades are available for:

CiviCRM v5.78.2 (download, release notes)
CiviCRM v5.75.4 ESR (info, download, release notes)

These upgrades address the following security issue:

CIVI-SA-2024-04: Copy/Clone Actions (CSRF)
CIVI-SA-2024-05: Multiple AJAX End-Points (CSRF)
CIVI-SA-2024-06: Source and Name Fields (XSS)
CIVI-SA-2024-07: Symbolic Link Cleanup
CIVI-SA-2024-08: PhpSpreadsheet
CIVI-PSA-2024-01: wkhtmltopdf (EOL)

Support CiviCRM

We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.

Make a donation or contribute to a Make it happen campaign.
If your organization wants to support our work, please become a member today.
If you are a CiviCRM service provider, please become a partner.

CiviCRM is community driven and is sustained through contributions, good vibes, solidarity, and financial support from its community. Help CiviCRM do a world of good.

Filed under

Extended Security Release

Release announcements

Security Releases

CiviCRM 5.78.2, 5.75.4-ESR Security Release

Support CiviCRM

The Visitor Experience of Recurring Contributions

The Benefits of Running A/B Tests for Mass Email Campaigns

CiviCRM 5.79 Release

The #CiviOneClick project – increasing CiviCRM’s accessibility

Next steps for CiviCRM Standalone

Composer installers and CiviCRM

Developer content: Down the rabbit hole with Redis

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Lingue

CiviCRM 5.78.2, 5.75.4-ESR Security Release

Support CiviCRM

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM