# CiviCRM 5.28.1

Released August 19, 2020

- **[Security advisories](#security)**
- **[Bugs Resolved](#bugs)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     |   no    |
| Alter the API?                                                  |   no    |
| Require attention to configuration options?                     |   no    |
| Fix problems installing or upgrading to a previous version?     |   no    |
| Introduce features?                                             |   no    |
| **Fix bugs?**                                                   | **yes** |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-acl-smart-groups): Privilege Escalation via Smart Groups**
- **[CIVI-SA-2020-10](https://civicrm.org/advisory/civi-sa-2020-10-cross-site-scripting-activity-details): Cross Site Scripting in Activity Details**
- **[CIVI-SA-2020-11](https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form): CSRF on CKEditor Configuration**
- **[CIVI-SA-2020-12](https://civicrm.org/advisory/civi-sa-2020-12-xss-ckeditor-configuration): XSS in CKEditor Configuration**
- **[CIVI-SA-2020-13](https://civicrm.org/advisory/civi-sa-2020-13-xss-event-summary): XSS in Event Summary**
- **[CIVI-SA-2020-14](https://civicrm.org/advisory/civi-sa-2020-14-xss-profile-description-field): XSS in Profile Description**
- **[CIVI-SA-2020-15](https://civicrm.org/advisory/civi-sa-2020-15-persistent-xss-contact-activity-tab): Persistent XSS in Contact Activity Tab**
- **[CIVI-SA-2020-16](https://civicrm.org/advisory/civi-sa-2020-16-jquery-security-update-cve-2020-11022-cve-2020-11023): jQuery CVE-2020-11022, CVE-2020-11023**
- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-session-private-key): Harden Per-Session Private Key**
- **[CIVI-SA-2020-18](https://civicrm.org/advisory/civi-sa-2020-18-html-injection-through-error-message): HTML Injection via Error Message**
- **[CIVI-SA-2020-19](https://civicrm.org/advisory/civi-sa-2020-19-edit-permission-recurring-contributions): Edit Permission for Recurring Contributions**

## <a name="bugs"></a>Bugs Resolved

* **_Activities_: Exporting all activities from a "Find Activity" search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952):
  [#18017](https://github.com/civicrm/civicrm-core/pull/18017))**
* **_CiviContribute_: Receipts display unlabeled price options as "null" ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936):
  [#18124](https://github.com/civicrm/civicrm-core/pull/18124))**
* **_CiviContribute_: Credit card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953):
  [#18144](https://github.com/civicrm/civicrm-core/pull/18144), [#16163](https://github.com/civicrm/civicrm-core/pull/16163), [#18166](https://github.com/civicrm/civicrm-core/pull/16166))**
* **_Dedupe_: Merging contacts with certain "Settings" produces error ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934):
  [#18126](https://github.com/civicrm/civicrm-core/pull/18126))**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Ben Hubbard - Armadillo Security; Coleman Watts - CiviCRM; Cure53; Dave D;
Dennis Brinkrolf - RIPS Technologies; Eileen McNaughton - Wikipedia
Foundation; Jamie Novick - Compucorp; Jens Schuppe; Jude Hungerford - Asylum
Seekers Center; Karin Gerritsen - Semper IT; Kevin Cristiano - Tadpole
Collective; Mark Rogers; Mozilla Open Source Support (MOSS); Patrick Figel -
Greenpeace CEE; Pradeep Nayak - Circle Interactive; Rich Lott - Artful
Robot; Seamus Lee - CiviCRM and JMA Consulting; Sean Colsen - Left Join
Labs; Shitij Gugnai - Compucorp; Tim Otten - CiviCRM