[IT-SecNots] CiviCRM Security Release (4.6.21, 4.7.11) - Multiple advisories

["CiviCRM" <info AT civicrm.org>]

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

• CiviCRM v4.6.21
• CiviCRM v4.7.11

Read the security advisories for details:

• https://civicrm.org/advisory/civi-sa-2016-04-sql-injection-in-civicrm-installer
• https://civicrm.org/advisory/civi-sa-2016-11-potential-backtrace-leak
• https://civicrm.org/advisory/civi-sa-2016-12-sql-injection-in-api
• https://civicrm.org/advisory/civi-sa-2016-13-improve-secure-flags-on-cookies
• https://civicrm.org/advisory/civi-sa-2016-14-improve-permissions-on-backend-scripts
• https://civicrm.org/advisory/civi-sa-2016-15-improve-entropy-of-log-file-name
• https://civicrm.org/advisory/civi-sa-2016-16-improve-permissions-for-sql-imports
• https://civicrm.org/advisory/civi-sa-2016-17-manage-csrf-overrides-for-external-profile-forms
• https://civicrm.org/advisory/civi-sa-2016-18-potential-sql-injection-in-developer-mode

A number of other issues have been fixed in these releases, as described in the official announcement. Upgrade now for the most stable CiviCRM experience (https://civicrm.org/download).

CiviCRM security announcements are available from https://civicrm.org/advisory and via the CiviCRM Security Notifications email list.

 

---

 

Click this link to unsubscribe from this mailing list.

Click this link to opt out of all mail from CiviCRM.org.

Our mailing address is:

San Francisco, CA 94117
UNITED STATES