Commit | Line | Data |
---|---|---|
6699cc13 TO |
1 | # CiviCRM 5.35.1 |
2 | ||
3 | Released March 17, 2021 | |
4 | ||
5 | - **[Synopsis](#synopsis)** | |
6 | - **[Bugs resolved](#bugs)** | |
7 | - **[Credits](#credits)** | |
8 | - **[Feedback](#feedback)** | |
9 | ||
10 | ## <a name="synopsis"></a>Synopsis | |
11 | ||
12 | | *Does this version...?* | | | |
13 | | --------------------------------------------------------------- | -------- | | |
14 | | Change the database schema? | no | | |
15 | | Alter the API? | no | | |
16 | | Require attention to configuration options? | no | | |
17 | | **Fix problems installing or upgrading to a previous version?** | **yes** | | |
18 | | Introduce features? | no | | |
19 | | **Fix bugs?** | **yes** | | |
20 | ||
21 | ## <a name="security"></a>Security advisories | |
22 | ||
23 | - **[CIVI-SA-2021-01](https://civicrm.org/advisory/civi-sa-2021-01-reflected-cross-site-scripting-uploaded-csvs)**: Reflected Cross Site Scripting via Uploaded CSVs | |
24 | - **[CIVI-SA-2021-02](https://civicrm.org/advisory/civi-sa-2021-02-web-executable-utility-scripts)**: Web Executable Utility Scripts | |
25 | - **[CIVI-SA-2021-03](https://civicrm.org/advisory/civi-sa-2021-03-cross-site-scripting-manage-extensions)**: Cross Site Scripting in "Manage Extensions" | |
26 | - **[CIVI-SA-2021-04](https://civicrm.org/advisory/civi-sa-2021-04-cross-site-scripting-apiv4-explorer)**: Cross Site Scripting in the APIv4 Explorer | |
27 | - **[CIVI-SA-2021-05](https://civicrm.org/advisory/civi-sa-2021-05-reflected-cross-site-scripting-personal-campaign-pages)**: Reflected Cross Site Scripting in Personal Campaign Pages | |
28 | - **[CIVI-SA-2021-06](https://civicrm.org/advisory/civi-sa-2021-06-timing-attacks-against-site-key)**: Timing Attacks Against the Site Key | |
29 | - **[CIVI-SA-2021-07](https://civicrm.org/advisory/civi-sa-2021-07-sql-injection-joomla-user-integration)**: SQL injection in Joomla user integration | |
30 | ||
31 | ## <a name="bugs"></a>Bugs resolved | |
32 | ||
33 | * **_CiviCampaign_: Fix error when reserving respondents for a survey ([#19811](https://github.com/civicrm/civicrm-core/pull/19811))** | |
34 | * **_Upgrader_: Fix handling of "group_title" in certain upgrade-paths ([dev/translation#58](https://lab.civicrm.org/dev/translation/-/issues/58): [#19740](https://github.com/civicrm/civicrm-core/pull/19740))** | |
35 | * **_D8 / Asset Builder_: Fail gracefully when certain resources cannot be generted ([dev/core#2137](https://lab.civicrm.org/dev/core/-/issues/2137): [#18830](https://github.com/civicrm/civicrm-core/pull/18830))** | |
36 | ||
37 | A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable. | |
38 | ||
39 | ## <a name="credits"></a>Credits | |
40 | ||
41 | Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit | |
42 | GmbH contributed significantly to this release and other contemporaneous | |
43 | security improvements. | |
44 | ||
45 | This release was developed by the following authors and reviewers: | |
46 | ||
47 | Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin | |
48 | Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology | |
49 | Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA | |
50 | Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D; | |
51 | CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly | |
88bd6b02 | 52 | Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andie Hunt |
6699cc13 TO |
53 | |
54 | ## <a name="feedback"></a>Feedback | |
55 | ||
88bd6b02 | 56 | These release notes are edited by Tim Otten and Andie Hunt. If you'd like to |
6699cc13 TO |
57 | provide feedback on them, please login to https://chat.civicrm.org/civicrm and |
58 | contact `@agh1`. |