# CiviCRM 5.35.1 Released March 17, 2021 - **[Synopsis](#synopsis)** - **[Bugs resolved](#bugs)** - **[Credits](#credits)** - **[Feedback](#feedback)** ## <a name="synopsis"></a>Synopsis | *Does this version...?* | | | --------------------------------------------------------------- | -------- | | Change the database schema? | no | | Alter the API? | no | | Require attention to configuration options? | no | | **Fix problems installing or upgrading to a previous version?** | **yes** | | Introduce features? | no | | **Fix bugs?** | **yes** | ## <a name="security"></a>Security advisories - **[CIVI-SA-2021-01](https://civicrm.org/advisory/civi-sa-2021-01-reflected-cross-site-scripting-uploaded-csvs)**: Reflected Cross Site Scripting via Uploaded CSVs - **[CIVI-SA-2021-02](https://civicrm.org/advisory/civi-sa-2021-02-web-executable-utility-scripts)**: Web Executable Utility Scripts - **[CIVI-SA-2021-03](https://civicrm.org/advisory/civi-sa-2021-03-cross-site-scripting-manage-extensions)**: Cross Site Scripting in "Manage Extensions" - **[CIVI-SA-2021-04](https://civicrm.org/advisory/civi-sa-2021-04-cross-site-scripting-apiv4-explorer)**: Cross Site Scripting in the APIv4 Explorer - **[CIVI-SA-2021-05](https://civicrm.org/advisory/civi-sa-2021-05-reflected-cross-site-scripting-personal-campaign-pages)**: Reflected Cross Site Scripting in Personal Campaign Pages - **[CIVI-SA-2021-06](https://civicrm.org/advisory/civi-sa-2021-06-timing-attacks-against-site-key)**: Timing Attacks Against the Site Key - **[CIVI-SA-2021-07](https://civicrm.org/advisory/civi-sa-2021-07-sql-injection-joomla-user-integration)**: SQL injection in Joomla user integration ## <a name="bugs"></a>Bugs resolved * **_CiviCampaign_: Fix error when reserving respondents for a survey ([#19811](https://github.com/civicrm/civicrm-core/pull/19811))** * **_Upgrader_: Fix handling of "group_title" in certain upgrade-paths ([dev/translation#58](https://lab.civicrm.org/dev/translation/-/issues/58): [#19740](https://github.com/civicrm/civicrm-core/pull/19740))** * **_D8 / Asset Builder_: Fail gracefully when certain resources cannot be generted ([dev/core#2137](https://lab.civicrm.org/dev/core/-/issues/2137): [#18830](https://github.com/civicrm/civicrm-core/pull/18830))** A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable. ## <a name="credits"></a>Credits Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH contributed significantly to this release and other contemporaneous security improvements. This release was developed by the following authors and reviewers: Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D; CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andrew Hunt ## <a name="feedback"></a>Feedback These release notes are edited by Tim Otten and Andrew Hunt. If you'd like to provide feedback on them, please login to https://chat.civicrm.org/civicrm and contact `@agh1`.