This most welcome enhancement will allow users to edit card details directly in CiviCRM when processing payments through Stripe, thereby making card updates a much easier process.
For a full roadmap of improvements to the Stripe extension, check out: https://docs.civicrm.org/stripe/en/latest/roadmap/#card-on-file-updating-card-details
CiviCRM Core Team member Coleman Watts will host a webinar presenting the latest developments in SearchKit, work in progress and future plans on 18 August at 11:00am US ET. Please join in to learn about the latest work or just to get familiar with SearchKit. Info at:
CiviCRM includes a rich text editing component, CKEditor, which recently released a security update (v4.16.2). This update addresses 3 security issues.
We expect that these vulnerabilities cannot be meaningfully exploited by automated bots or crawlers - but they may be exploitable with modest social-engineering. Thus, we advise upgrading (or using one of the alternative solutions below).
Join the Community Council and the Core Team for the 2nd Quarterly Community Round Table tomorrow, July 27th (or 28th, depending on your time zone). There will be two sessions to accommodate various time zones (links below up a Time Zone converter):
Due to a scheduling conflict, the 2nd Community Round Table originally scheduled for July 13th will be postponed 2 weeks and will be held on July 27th. Additional information will be forthcoming. Sorry for any confusion!
Turn CiviCRM into a powerful member of your team!
Integrate CiviCRM with your member portal to help with easy data collection, time-saving automations and detailed reporting.
Book a quick demo with to learn how your association's can stay time, money and stay organized with CiviCRM and a well-build member portal:
Josh here with the CiviCRM Core Team. Each January we publish an annual report that highlights our past operational and financial performance as well as our plans for the coming year. This year, we’re taking it a step further and hosting quarterly community round tables in conjunction with the CiviCRM Community Council (the next one is on July 13, details forthcoming).
Some permissions were not being checked adequately before returning results from the CiviCRM APIv4. This did not affect everyday use of CiviCRM, but an attacker could potentially exploit this to bypass security checks and read private data from the database. To date there are no known sites that have been compromised due to this bug. APIv3 was not affected.
