CiviCRM + Drupal SaaS with Member Portal
Published
2023-11-06 08:26
FormBuilder: Support for Contributions
One of the most powerful and important features of FormBuilder is arguably the most complex, hence why we’ve been patient (some might say ‘slow’) in its implementation. We’re talking about support for contributions, i.e. processing payments, in FormBuilder
But, as the saying goes in the great country of Texas, it’s time to “take the bull by the horns”.
Exciting, we know, though maybe not for the bull. Anyhow, before we get saddled up, let’s set a few expectations up front:
CiviCamp Montreal, Canada 2024
26 February - 3 March 2024
Little BIC 1.7.6
Extension
Release Date
Release Version
1.7.6
Release Status
Stable
Release CiviCRM Compatibility
XML
<?xml version="1.0"?>
<extension key="org.project60.bic" type="module">
<file>bic</file>
<name>Little BIC extension</name>
<description>Generates and maintains a list of banks</description>
<license>APGLv3</license>
<maintainer>
<author>B. Endres</author>
<email>endres@systopia.de</email>
</maintainer>
<releaseDate>2023-08-02</releaseDate>
<version>1.7.6</version>
<develStage>stable</develStage>
<urls>
<url desc="Main Extension Page">https://github.com/Project60/org.project60.bic</url>
<url desc="Documentation">https://github.com/Project60/org.project60.bic/blob/master/README.md</url>
<url desc="Support">https://github.com/Project60/org.project60.bic/issues/new</url>
</urls>
<requires>
<php>>=7.3.0 <8.0.0</php>
</requires>
<comments>Originally Developed by Carlos Capote and Björn Endres</comments>
<civix>
<namespace>CRM/Bic</namespace>
</civix>
<classloader>
<psr4 prefix="Civi\" path="Civi" />
</classloader>
</extension>
<extension key="org.project60.bic" type="module">
<file>bic</file>
<name>Little BIC extension</name>
<description>Generates and maintains a list of banks</description>
<license>APGLv3</license>
<maintainer>
<author>B. Endres</author>
<email>endres@systopia.de</email>
</maintainer>
<releaseDate>2023-08-02</releaseDate>
<version>1.7.6</version>
<develStage>stable</develStage>
<urls>
<url desc="Main Extension Page">https://github.com/Project60/org.project60.bic</url>
<url desc="Documentation">https://github.com/Project60/org.project60.bic/blob/master/README.md</url>
<url desc="Support">https://github.com/Project60/org.project60.bic/issues/new</url>
</urls>
<requires>
<php>>=7.3.0 <8.0.0</php>
</requires>
<comments>Originally Developed by Carlos Capote and Björn Endres</comments>
<civix>
<namespace>CRM/Bic</namespace>
</civix>
<classloader>
<psr4 prefix="Civi\" path="Civi" />
</classloader>
</extension>
CIVI-PSA-2023-01: Smarty v2 Audit
Published
2023-09-06 23:59
CiviCRM includes the Smarty v2 templating engine. Templates are defined by core code, by third-party extensions, and by configurable content. The upstream smarty.net project has stopped publishing security backports for Smarty v2, so civicrm.org will do so (until a migration to a newer Smarty is complete).
As part of this, the CiviCRM security team has done a detailed audit to compare recent issues from v2/v3/v4.
CIVI-SA-2023-15: CiviEvent XSS
Published
2023-09-06 12:00
CiviEvent included multiple screens with a vulnerability to cross-site scripting (XSS).
CIVI-SA-2023-14: Contact Image CSRF
Published
2023-09-06 12:00
Some administrative actions for "Contact" profile-images lacked sufficient validation, making them vulnerable to a cross-site request forgery (CSRF).
CIVI-SA-2023-13: Survey XSS
Published
2023-09-06 12:00
In CiviCampaign, the "Survey" functionality includes a field that may be vulnerable to cross-site scripting (XSS).
CIVI-SA-2023-12: jQuery Validation DoS
Published
2023-09-06 12:00
The package "jquery-validation" may be vulnerable to a Denial of Service (DoS) involving its handling of regular expressions.
We have not identified an attack scenario affecting CiviCRM, but the update appears to be a safe and sensible precaution.
CIVI-SA-2023-11: Select2 XSS
Published
2023-09-06 12:00
Select2 is an auto-complete widget. In multiple places where CiviCRM uses Select2, it was vulnerable to stored cross-site scripting (XSS) attack.
(We believe that exploiting this requires that both the attacker and the victim have a high-level of access to the same CiviCRM deployment.)
WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM
Make your next CiviCRM implementation a Success.
