Released February 20, 2019
Does this version...? | |
---|---|
Fix security vulnerabilities? | yes |
Change the database schema? | no |
Alter the API? | no |
Require attention to configuration options? | no |
Fix problems installing or upgrading to a previous version? | no |
Introduce features? | no |
Fix bugs? | yes |
- CIVI-SA-2019-01: Weak access-control for file attachments
- CIVI-SA-2019-02: SQL Injection in "PrevNext" Cache
- CIVI-SA-2019-03: Cross-Site Scripting in "Logging Details" Report
- CIVI-SA-2019-04: SQL Injection in Group and Tag Filters
- CIVI-SA-2019-05: Cross-Site Scripting in "New Pledge" Form
- CIVI-SA-2019-06: Cross-Site Scripting in Contact Reference Fields
- CIVI-SA-2019-07: Limit Cross-Domain Execution by jQuery
-
dev/core#695 Custom Search results selection failure and dev/core#679 Groups and Tags affect search results when using Search Builder (13533)
This resolves some search regressions introduced in 5.9.0 relating to caching and custom searches.
-
dev/core#737 SMS not sent if "Send Immediately" option is chosen on the last screen (13641)
This resolves an issue where if you selected to send a Bulk SMS immediately it would not be sent because the scheduled date was set to
NULL
rather than the current date and time.
Security release notes are edited by Seamus Lee and Tim Otten, and release
notes generally are edited by Andrew Hunt. If you'd like to provide
feedback on them, please login to https://chat.civicrm.org/civicrm and
contact @agh1
.