There has been a security release for CiviCRM. Upgrades are available for:
- CiviCRM v5.50.0 (download, release notes)
- CiviCRM v5.49.4 (download, release notes)
- CiviCRM v5.45.6 ESR (download, release notes)
These upgrades address the following security issue:
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen. We thank all our partners, members and ESR subscribers, who are regular financial contributors. If you can, please donate.
What's new in CiviCRM 5.50
As usual there is a very long list of changes that make CiviCRM more reliable and easier to use. Below are some items that might make sense to some people. Hopefully, if a topic interests you, we recommend reading the associated references, which should make more sense.
- System Check - Add a reminder about CIVICRM_SIGN_KEYS, required by FormBuilder and Authx (23224)
- Restrict allowed uploads - contact image (23147)
- Add tracking table for import jobs (dev/core#1307: 23199 and 23245)
- Api4: CustomFields - Improve metadata about which custom groups belong to which entities. (23336), Add NOW() date function (23378), Add MONTH sql function (23377), Add
is_activeextra field to Domain entity, to make it easier to get the current active domain (22159), Add
Managed::reconcileaction. (23243), Implement countFetched() and countMatched() on api4 results. (22115)
- SearchKit: Add data segmentation functionality. Creates virtual fields based on flexible segmentation criteria. (23059), Add date pseudo-fields (23381)
- FormBuilder (Afform): make survey title available in form builder (23322), Dispatch event to alter admin metadata; provide mixin, allowing extensions to add to the list of available entities, elements, input types, styles, etc (23303), Improve dragging into dropzones (23239), Optional reset button for search and submit forms (dev/core#3430: 23334), Add icons for SavedSearch and SearchDisplay entities (23149)
- Smartgroups: Simplify and improve performance of query to insert updated cache (21943)
- CiviCampaign: Make links to sign a petition easily accessible on the form. (23316)
- CiviCase: Activity Type + Activity Status + Case Type not being Combined Correctly in Search Builder. This makes
CaseTypein APIv4 a managed entity. This is part of a move towards having all cases defined in configuration and deprecating XML-defined case types. (dev/core#3249: 23313), Fix Case Resources cuts off at 25 contacts when creating case activity (dev/core#3431: 23327)
- WordPress: Improve error screen user experience by displaying site theme/decorations (22805), On the website front-end, CiviCRM page heading should start from h2 and not h1 (23324)
- Upgrader - Add support for automatic snapshots (23522 and 23544). Adds a utility for recording a snapshot of certain columns in a database table prior to applying any upgrade steps to it. This will make it easier to roll back or compare changes if necessary after the upgrade. For now, the feature is disabled by default.
This release was developed by the following code authors:
AGH Strategies - Alice Frumin, Andie Hunt; Agileware - Justin Freeman; Benjamin W; BrightMinded Ltd - Bradley Taylor; Circle Interactive - Pradeep Nayak; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Yashodha Chaku; Coop SymbioTIC - Mathieu Lutfy, Samuel Vanhove; Dave D; Freeform Solutions - Herb van den Dool; Ginkgo Street Labs - Michael Z Daryabeygi; iXiam - Luciano Spiegel; JMA Consulting - Monish Deb, Seamus Lee; John Kingsnorth; Joinery - Allen Shaw; Lighthouse Consulting and Design - Brian Shaughnessy; Megaphone Technology Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; Progressive Technology Project - Jamie McClelland; Third Sector Design - Kurund Jalmi; Wikimedia Foundation - Eileen McNaughton
Most authors also reviewed code for this release; in addition, the following reviewers contributed their comments:
Andreas Howiller; Andy Burns; Artful Robot - Rich Lott; Australian Greens - John Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole Collective - Kevin Cristiano
- CiviCRM 5.49 had issues with Scheduled Reminders. It should be fixed, but you may want to check your configurations, notably with the "limit" filter (which resulted in reminders being sent to more people than expected).
- Monish is working on improving Joomla!4 support
- Input wanted on: membership sorting, exception handling, participant counts, sms tokens, doubts on the usefulness of the USPS integration.
- A lot of work going on around improving imports (having a proper queue, avoid timeouts, code cleanup).
- Reminder for extension authors to update their "civix" files for PHP 8.0 support.
- Eileen is prepared (pending PR review) to name Justin Freeman an honorary kiwi, for his work on long-term (non-trivial) fixes for complex issues.
For more, subscribe to Eileen's dev-digest.
- Case Summary - Similar to the CiviCase Dashboard, but using SearchKit. By Aydan Sanders - Squiffle Consulting Ltd.
- Event RSVP Reminders - Adds functionality to capture Event Invitations responses. By Miguel Almeida.
- Bulk update recurring contributions - Provides a way to bulk-update recurring contribution records, e.g. if your membership prices go up. By Rich Lott - Artful Robot.
- Google Groups Integration - Synchronize contacts from CiviCRM groups to Google Group. By Deepak Srivastava - Mountev Ltd.
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.
CiviCRM is community driven and is sustained through contributions, good vibes, solidarity, and financial support from its community. Help CiviCRM do a world of good.