CiviCRM 5.64.4

Files

Repositories

civicrm-backdrop@1.x	browse	commits
civicrm-core	browse	commits
civicrm-drupal-8	browse	commits
civicrm-drupal@7.x	browse	commits
civicrm-joomla	browse	commits
civicrm-packages	browse	commits
civicrm-wordpress	browse	commits

# CiviCRM 5.64.4 Released September 6, 2023 - **[Synopsis](#synopsis)** - **[Security advisories](#security)** - **[Bugs resolved](#bugs)** - **[Credits](#credits)** - **[Feedback](#feedback)** ## <a name="synopsis"></a>Synopsis | *Does this version...?* | | | --------------------------------------------------------------- | -------- | | Change the database schema? | no | | Alter the API? | no | | Require attention to configuration options? | no | | **Fix problems installing or upgrading to a previous version?** | **yes** | | Introduce features? | no | | **Fix bugs?** | **yes** | | **Fix security vulnerabilities?** | **yes** | ## <a name="security"></a>Security advisories * **[CIVI-SA-2023-07](https://civicrm.org/advisory/civi-sa-2023-07-smarty-math-rce): Smarty Math RCE** * **[CIVI-SA-2023-08](https://civicrm.org/advisory/civi-sa-2023-08-kcfinder-xss): KCFinder XSS** * **[CIVI-SA-2023-09](https://civicrm.org/advisory/civi-sa-2023-09-getfields-sqli): GetFields SQLI** * **[CIVI-SA-2023-10](https://civicrm.org/advisory/civi-sa-2023-10-multiple-potential-sqli): Multiple Potential SQLI** * **[CIVI-SA-2023-11](https://civicrm.org/advisory/civi-sa-2023-11-select2-xss): Select2 XSS** * **[CIVI-SA-2023-12](https://civicrm.org/advisory/civi-sa-2023-12-jquery-validation-dos): jQuery Validation DoS** * **[CIVI-SA-2023-13](https://civicrm.org/advisory/civi-sa-2023-13-survey-xss): Survey XSS** * **[CIVI-SA-2023-14](https://civicrm.org/advisory/civi-sa-2023-14-contact-image-csrf): Contact Image CSRF** * **[CIVI-SA-2023-15](https://civicrm.org/advisory/civi-sa-2023-15-civievent-xss): CiviEvent XSS** ## <a name="bugs"></a>Bugs resolved * **_Custom Data_: Failure processing "File" field ([#27290](https://github.com/civicrm/civicrm-core/pull/27290))** * **_Upgrader_: Failure handling "civicrm_job_log" if there are orphaned records ([#27310](https://github.com/civicrm/civicrm-core/pull/27310))** ## <a name="credits"></a>Credits This release was developed by the following authors and reviewers: Uepal - Jean-Marie Heitz; Third Sector Design - Kurund Jalmi, William Mortada; RIPS Technologies - Dennis Brinkrolf; Ranjit Pahan; JMA Consulting - Seamus Lee; Dave D; CiviCRM - Coleman Watts, Tim Otten; BrightMinded Ltd - Bradley Taylor; Artful Robot - Rich Lott ## <a name="feedback"></a>Feedback These release notes are edited by Tim Otten and Andie Hunt. If you'd like to provide feedback on them, please login to https://chat.civicrm.org/civicrm and contact `@agh1`.