Released March 17, 2021
Does this version...? | |
---|---|
Change the database schema? | no |
Alter the API? | no |
Require attention to configuration options? | no |
Fix problems installing or upgrading to a previous version? | yes |
Introduce features? | no |
Fix bugs? | yes |
- CIVI-SA-2021-01: Reflected Cross Site Scripting via Uploaded CSVs
- CIVI-SA-2021-02: Web Executable Utility Scripts
- CIVI-SA-2021-03: Cross Site Scripting in "Manage Extensions"
- CIVI-SA-2021-04: Cross Site Scripting in the APIv4 Explorer
- CIVI-SA-2021-05: Reflected Cross Site Scripting in Personal Campaign Pages
- CIVI-SA-2021-06: Timing Attacks Against the Site Key
- CIVI-SA-2021-07: SQL injection in Joomla user integration
- CiviCampaign: Fix error when reserving respondents for a survey (#19811)
- Upgrader: Fix handling of "group_title" in certain upgrade-paths (dev/translation#58: #19740)
- D8 / Asset Builder: Fail gracefully when certain resources cannot be generated (dev/core#2137: #18830)

  A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable.
Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH contributed significantly to this release and other contemporaneous security improvements.
This release was developed by the following authors and reviewers:
Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D; CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andrew Hunt
These release notes are edited by Tim Otten and Andrew Hunt. If you'd like to
provide feedback on them, please log in to https://chat.civicrm.org/civicrm and
contact @agh1.