CiviCRM | Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

CIVI-SA-2022-03: Permission Advice

Published

2022-03-16 12:00

Written by

Read more about CIVI-SA-2022-03: Permission Advice

This is not a security vulnerability. It is a mitigation to protect against misconfiguration.

CiviCRM includes a large number of configurable permissions. Administrators may assign these permissions to various users and roles. This is powerful functionality that accommodates diverse needs, but it provides the opportunity for misconfiguration.

Misconfigurations may arise for a few reasons, such as:

CIVI-SA-2022-02: CiviEvent Importer, SQL Injection

Published

2022-03-16 12:00

Written by

dev-team

Read more about CIVI-SA-2022-02: CiviEvent Importer, SQL Injection

When importing "Participant" records for CiviEvent, some inputs were not suitably escaped.

CIVI-SA-2022-01: CiviContribute Access Bypass

Published

2022-03-16 12:00

Written by

dev-team

Read more about CIVI-SA-2022-01: CiviContribute Access Bypass

When accessing the Contribution View page insufficient permission checking was occurring which meant that if you knew the url and had the access CiviCRM permission you would be able to view contribution information that you shouldn't have.

I Stand With Ukraine

Published

2022-03-14 03:25

Written by

josh

A few weeks prior to 24 February, I’d given up reading the news. It was a very happy time. Since Russia’s invasion of Ukraine, it’s been hard not to jump back into my Google news feed and periodically check in at NPR. Given the rise of misinformation over the past few years, it’s hard to know what is accurate and what isn’t, so much of what I read I take with a grain of salt.

Updated Privacy Policy & Site Statistics

Published

2022-01-31 03:59

Written by

josh

In the fall of 2021, the CiviCRM Core Team revised and published a privacy policy on https://civicrm.org that meets the requirements set forth by both the European General Data Protection Regulation and the California Consumer Privacy Act. The revised policy is available at https://civicrm.org/privacy-policy

2021 Annual report

Published

2022-01-17 06:46

Written by

josh

The 2021 annual report for the CiviCRM Core Team is now live at https://civicrm.org/annual-report just in time for the Community Round Tables tomorrow.

0.15

Extension

Finsbury Park cross-CMS Admin Theme

Release Date

2021-11-25 - 12:00

Release Version

0.15

Release Status

Stable

Release CiviCRM Compatibility

CiviCRM 5.0

Download URL (zip)

https://lab.civicrm.org/extensions/finsburypark/-/archive/0.15/finsburypark-0.1…

Read more about 0.15

XML

<?xml version="1.0"?>
<extension key="finsburypark" type="module">
<file>finsburypark</file>
<name>Finsbury Park Theme</name>
<description>Lightweight cross-CMS CiviCRM admin theme.</description>
<license>AGPL-3.0</license>
<maintainer>
<author>Nicol Wistreich</author>
<email>nic@visuali.st</email>
</maintainer>
<urls>
<url desc="Main Extension Page">https://lab.civicrm.org/extensions/finsburypark</url>
<url desc="Support">https://visuali.st</url>
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-25-11</releaseDate>
<version>0.15</version>
<develStage>beta</develStage>
<compatibility>
<ver>5.0</ver>
</compatibility>
<comments>A cross-CMS CiviCRM admin theme.</comments>
<classloader>
<psr4 prefix="Civi\" path="Civi"/>
</classloader>
<civix>
<namespace>CRM/Finsburypark</namespace>
</civix>
</extension>

CiviCRM 5.44 Release

Published

2021-12-02 04:00

Written by

dev-team

CiviCRM version 5.44.0 is now out and ready to download. This is a regular monthly release.

Upgrade now for the most stable CiviCRM experience:

Download CiviCRM

Users of the CiviCRM Extended Security Releases (ESR) do not need to upgrade, as there are no ESR-specific bug-fixes or security issues at the moment. The current version of ESR is CiviCRM 5.39.x.

Stripe: Card On File

Read more about Stripe: Card On File

This most welcome enhancement will allow users to edit card details directly in CiviCRM when processing payments through Stripe, thereby making card updates a much easier process.

For a full roadmap of improvements to the Stripe extension, check out: https://docs.civicrm.org/stripe/en/latest/roadmap/#card-on-file-updating-card-details

FormBuilder: Remote Forms

Read more about FormBuilder: Remote Forms

Image of Star Wars themed Remote Forms

CIVI-SA-2022-03: Permission Advice

CIVI-SA-2022-02: CiviEvent Importer, SQL Injection

CIVI-SA-2022-01: CiviContribute Access Bypass

I Stand With Ukraine

Updated Privacy Policy & Site Statistics

2021 Annual report

0.15

CiviCRM 5.44 Release

Stripe: Card On File

FormBuilder: Remote Forms

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM