it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: "CiviCRM" <info AT civicrm.org>
- To: <it-securitynotifies AT lists.piratenpartei.de>
- Subject: [IT-SecNots] CiviCRM Security Advisories - 4.4.6, 4.2.17LTS
- Date: Wed, 02 Jul 2014 03:39:01 -0700
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
There has been a security advisory for CiviCRM. We recommend you immediately upgrade to one of the following versions:
Read the security advisories for details:
- https://civicrm.org/advisory/civi-sa-2014-002-risk-information-disclosure-anonymous-users
- https://civicrm.org/advisory/civi-sa-2014-003-insecure-handling-profile-settings
To receive future CiviCRM security notices, subscribe to notifications.
In addition, CiviCRM 4.4.6 contains 30 fixes, making it the most stable version of 4.4 available. Upgrading now can save you a lot of troubleshooting later.
» View all issues fixed in the 4.4.6 release.
4.2 LTS Regression Advisory
The latest version of the 4.2 LTS fixes a security hole but contains a regression that affects individuals filling in contribution pages on behalf of organisations IF they have more than one employer. If they make an error in filling out the form, the form they see as a result contains fields for each employer.
We recommend you upgrade to secure your site. If this edge case affects your organisation you should look at upgrading directly to 4.4 or contract someone to work further on this. The 4.4 patch is complex & the code involved has changed between versions and the 4.2 LTS is now winding down - hence we were not able to secure the LTS without this edge case regression within the amount of time people were prepared to donate.