Released February 15, 2023
| Does this version...? | |
|---|---|
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
| Fix bugs? | yes |
| Fix security vulnerabilities? | yes |
- CIVI-SA-2023-04: File Type Restrictions (Remote code execution)
- CIVI-SA-2023-05: Quick Add Widget (Javascript execution)
- CIVI-SA-2023-06: Dompdf 2.0.3 (Remote code exeuction)
- CiviContribute: PDF invoice renders with incorrect formatting (dev/core#4080: #25547)
- CiviEvent: Excessive validation of title field (dev/core#4119: #25578)
- CiviReports: Error "no such field" when displaying to limited-access user (dev/core#4068: #25525)
- Extensions: During installation, new classes may not initially load (dev/core#4055: #25379)
- Status Check: Tweak severity of new timezone warning (#25583)
- Testing: Headless tests should initialize timezone (#25534)
- Tokens: Tokens like
{contact.email_primary.email}do not render consistently (dev/core#4109: #25548)
This release was developed by the following authors and reviewers:
Wikimedia Foundation - Eileen McNaughton; timinaust; Tadpole Collective - Kevin Cristiano; Megaphone Technology Consulting - Jon Goldberg; Maria; JMA Consulting - Seamus Lee; Deloitte - Andrea Intilangelo; Dave D; CiviDesk - Yashodha Chaku; CiviCRM - Tim Otten; CiviCoop - Klaas Eikelboom, Erik Hommel; Circle Interactive - Pradeep Nayak; Bob Silvern; ben_fairless; Australian Greens - Andrew Cormick-Dockery
These release notes are edited by Tim Otten and Andie Hunt. If you'd like to
provide feedback on them, please login to https://chat.civicrm.org/civicrm and
contact @agh1.