# CiviCRM 5.78.2 Released Oct 16, 2024 - **[Synopsis](#synopsis)** - **[Security advisories](#security)** - **[Bugs resolved](#bugs)** - **[Credits](#credits)** - **[Feedback](#feedback)** ## <a name="synopsis"></a>Synopsis | *Does this version...?* | | | --------------------------------------------------------------- | -------- | | Change the database schema? | no | | Alter the API? | no | | **Require attention to configuration options?** | **yes** | | **Fix problems installing or upgrading to a previous version?** | **yes** | | Introduce features? | no | | **Fix bugs?** | **yes** | | **Fix security vulnerabilities?** | **yes** | ## <a name="security"></a>Security advisories * **[CIVI-SA-2024-04](https://civicrm.org/advisory/civi-sa-2024-04-copy-clone-actions-csrf): Copy/Clone Actions (CSRF)** * **[CIVI-SA-2024-05](https://civicrm.org/advisory/civi-sa-2024-05-multiple-ajax-end-points-csrf): Multiple AJAX End-Points (CSRF)** * **[CIVI-SA-2024-06](https://civicrm.org/advisory/civi-sa-2024-06-source-and-name-fields-xss): Source and Name Fields (XSS)** * **[CIVI-SA-2024-07](https://civicrm.org/advisory/civi-sa-2024-07-symbolic-link-cleanup): Symbolic Link Cleanup** * **[CIVI-SA-2024-08](https://civicrm.org/advisory/civi-sa-2024-08-phpspreadsheet): PhpSpreadsheet ([#31243](https://github.com/civicrm/civicrm-core/pull/31243))** * **[CIVI-PSA-2024-01](https://civicrm.org/advisory/civi-psa-2024-01-wkhtmltopdf-eol): wkhtmltopdf (EOL)** If you use the `wkhtmltopdf` add-on, then you should disable it. ## <a name="bugs"></a>Bugs resolved * **_CiviContribute_: For "Thank You" page, restore localized display of units for certain kinds of contributions ([dev/translation#90](https://lab.civicrm.org/dev/translation/-/issues/90): [#31299](https://github.com/civicrm/civicrm-core/pull/31299))** * **_CiviMember_: Adding a membership fails if CiviContribute is inactive ([dev/core#5504](https://lab.civicrm.org/dev/core/-/issues/5504): [#31296](https://github.com/civicrm/civicrm-core/pull/31296), [#31300](https://github.com/civicrm/civicrm-core/pull/31300))** * **_Entity Framework_: Restore support for "fields_callback" ([#31292](https://github.com/civicrm/civicrm-core/pull/31292))** * **_Financial ACLs_: If a financial type is disabled, then existing contributions are hidden. ([#31308](https://github.com/civicrm/civicrm-core/pull/31308))** * **_Form Builder_: Conditionals don't work with foreign-key fields ([#31304](https://github.com/civicrm/civicrm-core/pull/31304))** * **_Quick Search_: Icon renders incorrectly in some environments ([dev/core#5512](https://lab.civicrm.org/dev/core/-/issues/5512): [#31290](https://github.com/civicrm/civicrm-core/pull/31290))** * **_Upgrader_: Upgrade may fail with error ("Cannot drop index FK_civicrm_participant_cart_id") ([dev/core#5521](https://lab.civicrm.org/dev/core/-/issues/5521): [#31282](https://github.com/civicrm/civicrm-core/pull/31282))** * **_View Contact_: "Relationships" tab does not translate ([dev/core#5499](https://lab.civicrm.org/dev/core/-/issues/5499): [#31302](https://github.com/civicrm/civicrm-core/pull/31302))** ## <a name="credits"></a>Credits This release was developed by the following authors and reviewers: XIMA - Philipp Michael; Wikimedia Foundation - Eileen McNaughton; Third Sector Design - William Mortada, Michael McAndrew; Tadpole Collective - Kevin Cristiano; Ranjit Pahan; PERORA SRL - Samuele Masetto; Nicol Wistreich; jmbegley; JMA Consulting - Seamus Lee, Joe Murray; Greenpeace Central and Eastern Europe - Patrick Figel; Dave D; Coop SymbioTIC - Mathieu Lutfy, Shane Bill; civiservice.de - Sebastian Lisken; CiviDesk - Nicolas Ganivet; CiviCRM - Tim Otten, Coleman Watts; CiviCoop - Jaap Jansma; Blackfly Solutions - Alan Dixon; Benjamin W; All In Appli.com - Guillaume Sorel ## <a name="feedback"></a>Feedback These release notes are edited by Tim Otten and Andie Hunt. If you'd like to provide feedback on them, please login to https://chat.civicrm.org/civicrm and contact `@agh1`.