Note that if you are using the extended reports extension on 4.6.38, you should uninstall it. The version that was installable on 4.6 is affected by one of the issues, and there is no support for 4.6 in the extension.
Published: 2018-07-19 06:16
The latest releases of CiviCRM, 5.3.1 and 4.6.38, include security fixes. This is a critical security release; we recommend upgrading to 5.3.1 and 4.6.38 as soon as possible to ensure the security of your site and data.
- CIVI-SA-2018-07 Remote code execution in QuickForm
- CIVI-SA-2018-06 Reflected XSS in context parameter
- CIVI-SA-2018-05 Reflected XSS in contact merge screen
- CIVI-SA-2018-04 SQL injection in custom groups
- CIVI-SA-2018-03 Reflected XSS in error message
- CIVI-SA-2018-02 Reflected XSS in reports
- CIVI-SA-2018-01 SQL injection in get-cases AJAX API
NEW INSTALLATIONS
If you are installing CiviCRM 5.3 from scratch, please use the corresponding automated installer instructions: