Commit | Line | Data |
---|---|---|
7e841726 SL |
1 | # CiviCRM 5.10.3 |
2 | ||
3 | Released February 20, 2019 | |
4 | ||
5 | - **[Synopsis](#synopsis)** | |
8c71d279 | 6 | - **[Security advisories](#security)** |
7e841726 | 7 | - **[Bugs resolved](#bugs)** |
7e841726 SL |
8 | - **[Feedback](#feedback)** |
9 | ||
10 | ## <a name="synopsis"></a>Synopsis | |
11 | ||
12 | | *Does this version...?* | | | |
13 | |:--------------------------------------------------------------- |:-------:| | |
14 | | **Fix security vulnerabilities?** | **yes** | | |
15 | | Change the database schema? | no | | |
16 | | Alter the API? | no | | |
17 | | Require attention to configuration options? | no | | |
18 | | Fix problems installing or upgrading to a previous version? | no | | |
19 | | Introduce features? | no | | |
20 | | **Fix bugs?** | **yes** | | |
21 | ||
22 | ## <a name="security"></a>Security advisories | |
23 | - **[CIVI-SA-2019-01](https://civicrm.org/advisory/civi-sa-2019-01-weak-access-control-for-file-attachments)**: | |
24 | Weak access-control for file attachments | |
25 | - **[CIVI-SA-2019-02](https://civicrm.org/advisory/civi-sa-2019-02-sqli-in-prevnext-cache)**: | |
26 | SQL Injection in "PrevNext" Cache | |
27 | - **[CIVI-SA-2019-03](https://civicrm.org/advisory/civi-sa-2019-03-xss-in-logging-details-report)**: | |
28 | Cross-Site Scripting in "Logging Details" Report | |
29 | - **[CIVI-SA-2019-04](https://civicrm.org/advisory/civi-sa-2019-04-sqli-in-group-tag-filters)**: | |
30 | SQL Injection in Group and Tag Filters | |
31 | - **[CIVI-SA-2019-05](https://civicrm.org/advisory/civi-sa-2019-05-xss-in-new-pledge-form)**: | |
32 | Cross-Site Scripting in "New Pledge" Form | |
33 | - **[CIVI-SA-2019-06](https://civicrm.org/advisory/civi-sa-2019-06-xss-in-contact-entity-reference-fields)**: | |
34 | Cross-Site Scripting in Contact Reference Fields | |
35 | - **[CIVI-SA-2019-07](https://civicrm.org/advisory/civi-sa-2019-07-limit-cross-domain-execution-by-jquery)**: | |
36 | Limit Cross-Domain Execution by jQuery | |
37 | ||
38 | ## <a name="bugs"></a>Bugs resolved | |
39 | ||
40 | ### Core CiviCRM | |
41 | ||
42 | - **[dev/core#695](https://lab.civicrm.org/dev/core/issues/695) Custom Search | |
43 | results selection failure and | |
44 | [dev/core#679](https://lab.civicrm.org/dev/core/issues/679) Groups and Tags | |
45 | affect search results when using Search Builder | |
46 | ([13533](https://github.com/civicrm/civicrm-core/pull/13533))** | |
47 | ||
48 | This resolves some search regressions introduced in 5.9.0 relating to caching | |
49 | and custom searches. | |
50 | ||
07f7cd4e AH |
51 | - **[dev/core#737](https://lab.civicrm.org/dev/core/issues/737) SMS not sent if |
52 | "Send Immediately" option is chosen on the last screen | |
7e841726 SL |
53 | ([13641](https://github.com/civicrm/civicrm-core/pull/13641))** |
54 | ||
55 | This resolves an issue where if you selected to send a Bulk SMS immediately | |
07f7cd4e | 56 | it would not be sent because the scheduled date was set to `NULL` rather than |
7e841726 SL |
57 | the current date and time. |
58 | ||
59 | ## <a name="feedback"></a>Feedback | |
60 | ||
90d6b919 | 61 | Security release notes are edited by Seamus Lee and Tim Otten, and release |
88bd6b02 | 62 | notes generally are edited by Andie Hunt. If you'd like to provide |
90d6b919 | 63 | feedback on them, please login to https://chat.civicrm.org/civicrm and |
7e841726 | 64 | contact `@agh1`. |