CiviCRM for COVID-19 response
CiviLive | June 25, 2020
CiviCRM for COVID-19 response
PDT 9am · MDT 10am · EDT 12
Editorial Office Manager
Editorial Office Assistant with Civi Experience wanted in Oakland, CA for innovative art and science organization.
CiviCRM Do-Ocracy Week
12th - 16th October 2020
CiviCRM Do-Ocracy Week
PS: We mis
Contributor Listing: Update
The transition of civicrm.org to Drupal 8 continues and, in the process, we’re taking time to clean up aspects of the site including revising its content and navigation, and reducing technical debt. One particular area that we’ve spent a great deal of time on involves the listing and recognition of both CiviCRM partners and contributors. Here are a few issues that touch on this process for you if you need some ‘light’ reading this weekend (in no particular order):
CiviCRM + WordPress taken to a whole new level
This demo showcases some of the deep integrations between CiviCRM and WordPress that are available at Greenleaf ONE, a unified fundraising and communications platform. No registration required to access the demo data. You're gonna love what you can do with Greenleaf ONE!
WordPress + Caldera Forms
This is a fully functional demo that allows you to see CiviCRM running on WordPress. You can play with Contacts, Groups, Events, Memberships -- just about everything that CiviCRM offers.
Quarterly Report - Q1 2020
In late January, the CiviCRM Core Team published its 2019 annual report which laid out its objectives for 2020. While we’ve managed the occasional update somewhat randomly in the past, we’d like to stick to a cadence of quarterly updates going forward in order to communicate progress on our priorities. This update provides an overview of the first quarter of 2020 as well as reflects on what we see happening for the remainder of the year.
Let’s start with priorities that we cited where we’ve made some headway.
Purge Logs
Purge Logs is a configurable API Job, to remove files older than a defined timeframe. The main intention is to get rid of old rotated CiviCRM.*.log files,
but it can be applied to any system or customized file that it's in civicrm/files/ folder.
CiVI-SA-2020-08: XSS via JS libraries
Two Javascript libraries (QUnit and Google Code Prettify) are used with CiviCRM. These libraries include some assets which can be used in a cross-site scripting attack and which are not required for CiviCRM at runtime.
CIVI-SA-2020-07: CSRF in Scheduled Jobs
The "Schedule Jobs" page was vulnerable to a cross-site request forgery. If an administrative user visited a malicious page outside of CiviCRM, the malicious page could trick that user's browser into executing a job on the CiviCRM site.
