Important Notice: This is a security release. We recommend you immediately upgrade to one of the following versions:
Below are the security advisory details:
- CIVI-SA-2020-09: Privilege Escalation via Smart Groups
- CIVI-SA-2020-10: Cross Site Scripting in Activity Details
- CIVI-SA-2020-11: CSRF on CKEditor Configuration
- CIVI-SA-2020-12: XSS in CKEditor Configuration
- CIVI-SA-2020-13: XSS in Event Summary
- CIVI-SA-2020-14: XSS in Profile Description
- CIVI-SA-2020-15: Persistent XSS in Contact Activity Tab
- CIVI-SA-2020-16: jQuery CVE-2020-11022, CVE-2020-11023
- CIVI-SA-2020-17: Harden Per-Session Private Key
- CIVI-SA-2020-18: HTML Injection via Error Message
- CIVI-SA-2020-19: Edit Permission for Recurring Contributions
Additionally, there are a few small patches for recent regressions. For full information, see the release notes for 5.28.1 and 5.27.5 ESR.
Support CiviCRM
We are committed to keeping CiviCRM free and open, forever. We depend on your support to help make that happen.
- Make a donation or contribute to a Make it happen campaign.
- If your organization wants to support our work, please become a member today.
- If you are a CiviCRM service provider, please become a partner.