Published
2024-10-16 12:00
The bundled library "PhpSpreadsheet" has issued multiple security advisories.
Security Risk
Critical
Vulnerability
Other
Affected Versions
CiviCRM versions 5.78.1 and earlier
Fixed Versions
CiviCRM versions 5.78.2 and 5.75.4 (ESR)
Publication Date
Solutions
Any ONE of the following:
- Upgrade to the fixed version of CiviCRM
- Manually update PHPSpreadsheet
- Disable the extension "Civi-Import"
Credits
- Development/Review: Eileen McNaughton of Wikimedia Foundation; Seamus Lee of JMA Consulting; Tim Otten of CiviCRM
References
- GHSA-6hwr-6v2f-3m88
- GHSA-5gpr-w2p5-6m37
- GHSA-w9xv-qf98-ccq4
- GHSA-wgmf-q9vr-vww6
- GHSA-r8w8-74ww-j4wh
- GHSA-ghg6-32f9-2jp7
- GHSA-v66g-p9x6-v98p