# CiviCRM 5.58.1

Released February 15, 2023

- **[Synopsis](#synopsis)**
- **[Security advisories](#security)**
- **[Bugs resolved](#bugs)**
- **[Credits](#credits)**
- **[Feedback](#feedback)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |          |
| --------------------------------------------------------------- | -------- |
| Change the database schema?                                     | no       |
| Alter the API?                                                  | no       |
| Require attention to configuration options?                     | no       |
| Fix problems installing or upgrading to a previous version?     | no       |
| Introduce features?                                             | no       |
| **Fix bugs?**                                                   | **yes**  |
| **Fix security vulnerabilities?**                               | **yes**  |

## <a name="security"></a>Security advisories

* **[CIVI-SA-2023-04](https://civicrm.org/advisory/civi-sa-2023-04-file-type-restrictions): File Type Restrictions (Remote code execution)**
* **[CIVI-SA-2023-05](https://civicrm.org/advisory/civi-sa-2023-05-quick-add-widget): Quick Add Widget (Javascript execution)**
* **[CIVI-SA-2023-06](https://civicrm.org/advisory/civi-sa-2023-06-dompdf-203): Dompdf 2.0.3 (Remote code exeuction)**

## <a name="bugs"></a>Bugs resolved

* **_CiviContribute_: PDF invoice renders with incorrect formatting ([dev/core#4080](https://lab.civicrm.org/dev/core/-/issues/4080): [#25547](https://github.com/civicrm/civicrm-core/pull/25547))**
* **_CiviEvent_: Excessive validation of title field ([dev/core#4119](https://lab.civicrm.org/dev/core/-/issues/4119): [#25578](https://github.com/civicrm/civicrm-core/pull/25578))**
* **_CiviReports_: Error "no such field" when displaying to limited-access user ([dev/core#4068](https://lab.civicrm.org/dev/core/-/issues/4068): [#25525](https://github.com/civicrm/civicrm-core/pull/25525))**
* **_Extensions_: During installation, new classes may not initially load ([dev/core#4055](https://lab.civicrm.org/dev/core/-/issues/4055): [#25379](https://github.com/civicrm/civicrm-core/pull/25379))**
* **_Status Check_: Tweak severity of new timezone warning ([#25583](https://github.com/civicrm/civicrm-core/pull/25583/))**
* **_Testing_: Headless tests should initialize timezone ([#25534](https://github.com/civicrm/civicrm-core/pull/25534))**
* **_Tokens_: Tokens like `{contact.email_primary.email}` do not render consistently ([dev/core#4109](https://lab.civicrm.org/dev/core/-/issues/4109): [#25548](https://github.com/civicrm/civicrm-core/pull/25548/))**

## <a name="credits"></a>Credits

This release was developed by the following authors and reviewers:

Wikimedia Foundation - Eileen McNaughton; timinaust; Tadpole Collective - Kevin Cristiano;
Megaphone Technology Consulting - Jon Goldberg; Maria; JMA Consulting - Seamus Lee;
Deloitte - Andrea Intilangelo; Dave D; CiviDesk - Yashodha Chaku; CiviCRM - Tim Otten;
CiviCoop - Klaas Eikelboom, Erik Hommel; Circle Interactive - Pradeep Nayak; Bob Silvern;
ben_fairless; Australian Greens - Andrew Cormick-Dockery

## <a name="feedback"></a>Feedback

These release notes are edited by Tim Otten and Andie Hunt.  If you'd like to
provide feedback on them, please login to https://chat.civicrm.org/civicrm and
contact `@agh1`.