CiviCRM 5.24.3

Released April 15, 2020

Security advisories
Credits

Synopsis

Does this version...?
Fix security vulnerabilities?	yes
Change the database schema?	no
Alter the API?	no
Require attention to configuration options?	no
Fix problems installing or upgrading to a previous version?	no
Introduce features?	no
Fix bugs?	no

Security advisories

CIVI-SA-2020-01: Improve Entity Name sanitisation when used as part of API
CIVI-SA-2020-02: API Key Disclosure
CIVI-SA-2020-03: PHP Code Execution via Phar Deserialization
CIVI-SA-2020-04: Cross Site Scripting within CiviCase Reports
CIVI-SA-2020-05: SQL Injection in Campaign Summary and Delete Activity
CIVI-SA-2020-06: SQLI in Query Builder
CIVI-SA-2020-07: CSRF in Scheduled Jobs
CIVI-SA-2020-08: XSS via JS libraries

Credits

This release was developed by the following people, who participated in various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies; Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot; Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs; Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE; Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.24.3.md

5.24.3.md

CiviCRM 5.24.3

Synopsis

Security advisories

Credits

Files

5.24.3.md

Latest commit

History

5.24.3.md

File metadata and controls

CiviCRM 5.24.3

Synopsis

Security advisories

Credits