projects / civicrm-core.git / blame
| Commit | Line | Data |
|---|---|---|
| 7e841726 SL |
1 | # CiviCRM 5.10.3 |
| 2 | ||
| 3 | Released February 20, 2019 | |
| 4 | ||
| 5 | - **[Synopsis](#synopsis)** | |
| 8c71d279 | 6 | - **[Security advisories](#security)** |
| 7e841726 | 7 | - **[Bugs resolved](#bugs)** |
| 7e841726 SL |
8 | - **[Feedback](#feedback)** |
| 9 | ||
| 10 | ## <a name="synopsis"></a>Synopsis | |
| 11 | ||
| 12 | | *Does this version...?* | | | |
| 13 | |:--------------------------------------------------------------- |:-------:| | |
| 14 | | **Fix security vulnerabilities?** | **yes** | | |
| 15 | | Change the database schema? | no | | |
| 16 | | Alter the API? | no | | |
| 17 | | Require attention to configuration options? | no | | |
| 18 | | Fix problems installing or upgrading to a previous version? | no | | |
| 19 | | Introduce features? | no | | |
| 20 | | **Fix bugs?** | **yes** | | |
| 21 | ||
| 22 | ## <a name="security"></a>Security advisories | |
| 23 | - **[CIVI-SA-2019-01](https://civicrm.org/advisory/civi-sa-2019-01-weak-access-control-for-file-attachments)**: | |
| 24 | Weak access-control for file attachments | |
| 25 | - **[CIVI-SA-2019-02](https://civicrm.org/advisory/civi-sa-2019-02-sqli-in-prevnext-cache)**: | |
| 26 | SQL Injection in "PrevNext" Cache | |
| 27 | - **[CIVI-SA-2019-03](https://civicrm.org/advisory/civi-sa-2019-03-xss-in-logging-details-report)**: | |
| 28 | Cross-Site Scripting in "Logging Details" Report | |
| 29 | - **[CIVI-SA-2019-04](https://civicrm.org/advisory/civi-sa-2019-04-sqli-in-group-tag-filters)**: | |
| 30 | SQL Injection in Group and Tag Filters | |
| 31 | - **[CIVI-SA-2019-05](https://civicrm.org/advisory/civi-sa-2019-05-xss-in-new-pledge-form)**: | |
| 32 | Cross-Site Scripting in "New Pledge" Form | |
| 33 | - **[CIVI-SA-2019-06](https://civicrm.org/advisory/civi-sa-2019-06-xss-in-contact-entity-reference-fields)**: | |
| 34 | Cross-Site Scripting in Contact Reference Fields | |
| 35 | - **[CIVI-SA-2019-07](https://civicrm.org/advisory/civi-sa-2019-07-limit-cross-domain-execution-by-jquery)**: | |
| 36 | Limit Cross-Domain Execution by jQuery | |
| 37 | ||
| 38 | ## <a name="bugs"></a>Bugs resolved | |
| 39 | ||
| 40 | ### Core CiviCRM | |
| 41 | ||
| 42 | - **[dev/core#695](https://lab.civicrm.org/dev/core/issues/695) Custom Search | |
| 43 | results selection failure and | |
| 44 | [dev/core#679](https://lab.civicrm.org/dev/core/issues/679) Groups and Tags | |
| 45 | affect search results when using Search Builder | |
| 46 | ([13533](https://github.com/civicrm/civicrm-core/pull/13533))** | |
| 47 | ||
| 48 | This resolves some search regressions introduced in 5.9.0 relating to caching | |
| 49 | and custom searches. | |
| 50 | ||
| 07f7cd4e AH |
51 | - **[dev/core#737](https://lab.civicrm.org/dev/core/issues/737) SMS not sent if |
| 52 | "Send Immediately" option is chosen on the last screen | |
| 7e841726 SL |
53 | ([13641](https://github.com/civicrm/civicrm-core/pull/13641))** |
| 54 | ||
| 55 | This resolves an issue where if you selected to send a Bulk SMS immediately | |
| 07f7cd4e | 56 | it would not be sent because the scheduled date was set to `NULL` rather than |
| 7e841726 SL |
57 | the current date and time. |
| 58 | ||
| 59 | ## <a name="feedback"></a>Feedback | |
| 60 | ||
| 90d6b919 TO |
61 | Security release notes are edited by Seamus Lee and Tim Otten, and release |
| 62 | notes generally are edited by Andrew Hunt. If you'd like to provide | |
| 63 | feedback on them, please login to https://chat.civicrm.org/civicrm and | |
| 7e841726 | 64 | contact `@agh1`. |