it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] CiviCRM Security Release (5.35.1, 5.33.3 ESR) - Multiple advisories

From: "CiviCRM" <info AT civicrm.org>
To: <it-securitynotifies AT lists.piratenpartei.de>
Subject: [IT-SecNots] CiviCRM Security Release (5.35.1, 5.33.3 ESR) - Multiple advisories
Date: Thu, 18 Mar 2021 01:41:07 -0700
Job_id: 13262

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

CiviCRM v5.35.1
CiviCRM v5.33.3 ESR

Below are the security advisories:

CIVI-SA-2021-01: Reflected Cross Site Scripting via Uploaded CSVs
CIVI-SA-2021-02: Web Executable Utility Scripts
CIVI-SA-2021-03: Cross Site Scripting in "Manage Extensions"
CIVI-SA-2021-04: Cross Site Scripting in the APIv4 Explorer
CIVI-SA-2021-05: Reflected Cross Site Scripting in Personal Campaign Pages
CIVI-SA-2021-06: Timing Attacks Against the Site Key
CIVI-SA-2021-07: SQL injection in Joomla user integration

A couple of other issues have been fixed in these releases. Please see the official announcement and release notes.

The CiviCRM Security Team would also like to make people aware about a public service announcement in regards to changes to cryptography handling in CiviCRM

We would also like to thank Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH for funding this security release.

Upgrade now for the most stable CiviCRM experience:

To download CiviCRM 5.35.1 : https://civicrm.org/download
To download CiviCRM 5.33.3 ESR version: https://civicrm.org/esr

Click this link to unsubscribe from this mailing list.

Click this link to opt out of all mail from CiviCRM.org.

Our mailing address is:

2367 24th Ave
San Francisco, California 94116
United States

[IT-SecNots] CiviCRM Security Release (5.35.1, 5.33.3 ESR) - Multiple advisories, CiviCRM, 18.03.2021

Archiv bereitgestellt durch MHonArc 2.6.24.