it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: "CiviCRM" <info AT civicrm.org>
- To: <it-securitynotifies AT lists.piratenpartei.de>
- Subject: [IT-SecNots] CiviCRM Security Release (4.6.33, 4.7.26) - Multiple advisories
- Date: Thu, 02 Nov 2017 18:05:58 +0000
- Job_id: 9162
There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:
- CiviCRM v4.6.33
- CiviCRM v4.7.26
Read the security advisories for details:
- CIVI-SA-2017-08 XSS in HTML link attributes
- CIVI-SA-2017-09 Shell injection vulnerability in smarty
- CIVI-SA-2017-10 XSS scripting in premium product name
- CIVI-SA-2017-11 XSS in dedupe rules
- CIVI-SA-2017-12 XSS in tag descrption
- CIVI-SA-2017-13 Selectedchild URL parameter not properly validated for CiviCRM message templates
- CIVI-SA-2017-14 XSS in search criteria description
- CIVI-SA-2017-15 Extension key not properly validated when adding or disabling or uninstalling extension
- CIVI-SA-2017-16 SQL injection risk in CiviReports listing
A number of other issues have been fixed in these releases, as described in the official announcement. Upgrade now for the most stable CiviCRM experience (https://civicrm.org/download).
CiviCRM security announcements are available from https://civicrm.org/advisory and via the CiviCRM Security Notifications email list.
Click this link to unsubscribe from this mailing list.
Click this link to opt out of all mail from CiviCRM.org.
Our mailing address is:
San Francisco, California 94117
United States
United States
- [IT-SecNots] CiviCRM Security Release (4.6.33, 4.7.26) - Multiple advisories, CiviCRM, 02.11.2017
Archiv bereitgestellt durch MHonArc 2.6.19.