release-notes/5.35.1.md

   1 # CiviCRM 5.35.1
   2
   3 Released March 17, 2021
   4
   5 - **[Synopsis](#synopsis)**
   6 - **[Bugs resolved](#bugs)**
   7 - **[Credits](#credits)**
   8 - **[Feedback](#feedback)**
   9
  10 ## <a name="synopsis"></a>Synopsis
  11
  12 | *Does this version...?*                                         |          |
  13 | --------------------------------------------------------------- | -------- |
  14 | Change the database schema?                                     | no       |
  15 | Alter the API?                                                  | no       |
  16 | Require attention to configuration options?                     | no       |
  17 | **Fix problems installing or upgrading to a previous version?** | **yes**  |
  18 | Introduce features?                                             | no       |
  19 | **Fix bugs?**                                                   | **yes**  |
  20
  21 ## <a name="security"></a>Security advisories
  22
  23 - **[CIVI-SA-2021-01](https://civicrm.org/advisory/civi-sa-2021-01-reflected-cross-site-scripting-uploaded-csvs)**: Reflected Cross Site Scripting via Uploaded CSVs
  24 - **[CIVI-SA-2021-02](https://civicrm.org/advisory/civi-sa-2021-02-web-executable-utility-scripts)**: Web Executable Utility Scripts
  25 - **[CIVI-SA-2021-03](https://civicrm.org/advisory/civi-sa-2021-03-cross-site-scripting-manage-extensions)**: Cross Site Scripting in "Manage Extensions"
  26 - **[CIVI-SA-2021-04](https://civicrm.org/advisory/civi-sa-2021-04-cross-site-scripting-apiv4-explorer)**: Cross Site Scripting in the APIv4 Explorer
  27 - **[CIVI-SA-2021-05](https://civicrm.org/advisory/civi-sa-2021-05-reflected-cross-site-scripting-personal-campaign-pages)**: Reflected Cross Site Scripting in Personal Campaign Pages
  28 - **[CIVI-SA-2021-06](https://civicrm.org/advisory/civi-sa-2021-06-timing-attacks-against-site-key)**: Timing Attacks Against the Site Key
  29 - **[CIVI-SA-2021-07](https://civicrm.org/advisory/civi-sa-2021-07-sql-injection-joomla-user-integration)**: SQL injection in Joomla user integration
  30
  31 ## <a name="bugs"></a>Bugs resolved
  32
  33 * **_CiviCampaign_: Fix error when reserving respondents for a survey ([#19811](https://github.com/civicrm/civicrm-core/pull/19811))**
  34 * **_Upgrader_: Fix handling of "group_title" in certain upgrade-paths ([dev/translation#58](https://lab.civicrm.org/dev/translation/-/issues/58): [#19740](https://github.com/civicrm/civicrm-core/pull/19740))**
  35 * **_D8 / Asset Builder_: Fail gracefully when certain resources cannot be generted ([dev/core#2137](https://lab.civicrm.org/dev/core/-/issues/2137): [#18830](https://github.com/civicrm/civicrm-core/pull/18830))**
  36
  37   A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable.
  38
  39 ## <a name="credits"></a>Credits
  40
  41 Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit
  42 GmbH contributed significantly to this release and other contemporaneous
  43 security improvements.
  44
  45 This release was developed by the following authors and reviewers:
  46
  47 Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin
  48 Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology
  49 Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA
  50 Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D;
  51 CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly
  52 Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andrew Hunt
  53
  54 ## <a name="feedback"></a>Feedback
  55
  56 These release notes are edited by Tim Otten and Andrew Hunt.  If you'd like to
  57 provide feedback on them, please login to https://chat.civicrm.org/civicrm and
  58 contact `@agh1`.