# CiviCRM 5.35.1
Released March 17, 2021
- **[Synopsis](#synopsis)**
- **[Bugs resolved](#bugs)**
- **[Credits](#credits)**
- **[Feedback](#feedback)**
## Synopsis
| *Does this version...?* | |
| --------------------------------------------------------------- | -------- |
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| **Fix problems installing or upgrading to a previous version?** | **yes** |
| Introduce features? | no |
| **Fix bugs?** | **yes** |
## Security advisories
- **[CIVI-SA-2021-01](https://civicrm.org/advisory/civi-sa-2021-01-reflected-cross-site-scripting-uploaded-csvs)**: Reflected Cross Site Scripting via Uploaded CSVs
- **[CIVI-SA-2021-02](https://civicrm.org/advisory/civi-sa-2021-02-web-executable-utility-scripts)**: Web Executable Utility Scripts
- **[CIVI-SA-2021-03](https://civicrm.org/advisory/civi-sa-2021-03-cross-site-scripting-manage-extensions)**: Cross Site Scripting in "Manage Extensions"
- **[CIVI-SA-2021-04](https://civicrm.org/advisory/civi-sa-2021-04-cross-site-scripting-apiv4-explorer)**: Cross Site Scripting in the APIv4 Explorer
- **[CIVI-SA-2021-05](https://civicrm.org/advisory/civi-sa-2021-05-reflected-cross-site-scripting-personal-campaign-pages)**: Reflected Cross Site Scripting in Personal Campaign Pages
- **[CIVI-SA-2021-06](https://civicrm.org/advisory/civi-sa-2021-06-timing-attacks-against-site-key)**: Timing Attacks Against the Site Key
- **[CIVI-SA-2021-07](https://civicrm.org/advisory/civi-sa-2021-07-sql-injection-joomla-user-integration)**: SQL injection in Joomla user integration
## Bugs resolved
* **_CiviCampaign_: Fix error when reserving respondents for a survey ([#19811](https://github.com/civicrm/civicrm-core/pull/19811))**
* **_Upgrader_: Fix handling of "group_title" in certain upgrade-paths ([dev/translation#58](https://lab.civicrm.org/dev/translation/-/issues/58): [#19740](https://github.com/civicrm/civicrm-core/pull/19740))**
* **_D8 / Asset Builder_: Fail gracefully when certain resources cannot be generted ([dev/core#2137](https://lab.civicrm.org/dev/core/-/issues/2137): [#18830](https://github.com/civicrm/civicrm-core/pull/18830))**
A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable.
## Credits
Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit
GmbH contributed significantly to this release and other contemporaneous
security improvements.
This release was developed by the following authors and reviewers:
Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin
Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology
Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA
Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D;
CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly
Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andrew Hunt
## Feedback
These release notes are edited by Tim Otten and Andrew Hunt. If you'd like to
provide feedback on them, please login to https://chat.civicrm.org/civicrm and
contact `@agh1`.