Fix target contact label back to include target

[civicrm-core.git] / release-notes / 5.50.0.md
diff --git a/release-notes/5.50.0.md b/release-notes/5.50.0.md

index a734de61f37ea1e259c8f71c6846fd0bb01efe9e..1300f62ad2f2bf791ba76bf4d4197f81d1116388 100644 (file)
--- a/release-notes/5.50.0.md
+++ b/release-notes/5.50.0.md
@@ -3,6 +3,7 @@
  Released June 1, 2022
  
  - **[Synopsis](#synopsis)**
  Released June 1, 2022
  
  - **[Synopsis](#synopsis)**
+- **[Security advisories](#security)**
  - **[Features](#features)**
  - **[Bugs resolved](#bugs)**
  - **[Miscellany](#misc)**
  - **[Features](#features)**
  - **[Bugs resolved](#bugs)**
  - **[Miscellany](#misc)**
@@ -13,7 +14,7 @@ Released June 1, 2022
  
  | *Does this version...?*                                         |         |
  |:--------------------------------------------------------------- |:-------:|
  
  | *Does this version...?*                                         |         |
  |:--------------------------------------------------------------- |:-------:|
-| Fix security vulnerabilities?                                   |   no    |
+| Fix security vulnerabilities?                                   | **yes** |
  | **Change the database schema?**                                 | **yes** |
  | **Alter the API?**                                              | **yes** |
  | Require attention to configuration options?                     |   no    |
  | **Change the database schema?**                                 | **yes** |
  | **Alter the API?**                                              | **yes** |
  | Require attention to configuration options?                     |   no    |
@@ -21,6 +22,10 @@ Released June 1, 2022
  | **Introduce features?**                                         | **yes** |
  | **Fix bugs?**                                                   | **yes** |
  
  | **Introduce features?**                                         | **yes** |
  | **Fix bugs?**                                                   | **yes** |
  
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2022-07: APIv3 Access Bypass](https://civicrm.org/advisory/civi-sa-2022-07-apiv3-access-bypass)**
+
  ## <a name="features"></a>Features
  
  ### Core CiviCRM
  ## <a name="features"></a>Features
  
  ### Core CiviCRM
@@ -28,20 +33,22 @@ Released June 1, 2022
  - **System Check - Add a reminder about CIVICRM_SIGN_KEYS.
    ([23224](https://github.com/civicrm/civicrm-core/pull/23224))**
  
  - **System Check - Add a reminder about CIVICRM_SIGN_KEYS.
    ([23224](https://github.com/civicrm/civicrm-core/pull/23224))**
  
-  Adds a system status check regarding CIVICRM_SIGN_KEYS.
+  Adds a system status check that generates a reminder about cryptographic
+  signing keys.
  
  - **Restrict allowed uploads - contact image
    ([23147](https://github.com/civicrm/civicrm-core/pull/23147))**
  
    Restrict file types allowed for the contact image field.
  
  - **Restrict allowed uploads - contact image
    ([23147](https://github.com/civicrm/civicrm-core/pull/23147))**
  
    Restrict file types allowed for the contact image field.
-  
+
  - **Add tracking table for import jobs
    ([dev/core#1307](https://lab.civicrm.org/dev/core/-/issues/1307):
    [23199](https://github.com/civicrm/civicrm-core/pull/23199) and
    [23245](https://github.com/civicrm/civicrm-core/pull/23245))**
  
  - **Add tracking table for import jobs
    ([dev/core#1307](https://lab.civicrm.org/dev/core/-/issues/1307):
    [23199](https://github.com/civicrm/civicrm-core/pull/23199) and
    [23245](https://github.com/civicrm/civicrm-core/pull/23245))**
  
-  Adds a table for the purpose of tracking user jobs (imports) and associated
-  temp tables and starts tracking the submittedValues and data source with it.
+  This adds a new table for the purpose of tracking user jobs (e.g. imports) and
+  associated temp tables and starts tracking the submittedValues and data source
+  with it.
  
  - **CustomFields - Improve metadata about which custom groups belong to which
    entities ([23336](https://github.com/civicrm/civicrm-core/pull/23336))**
  
  - **CustomFields - Improve metadata about which custom groups belong to which
    entities ([23336](https://github.com/civicrm/civicrm-core/pull/23336))**
@@ -49,6 +56,22 @@ Released June 1, 2022
    Makes the relationship between Custom Field Groups, entity types and subtypes
    discoverable via APIv4 metadata.
  
    Makes the relationship between Custom Field Groups, entity types and subtypes
    discoverable via APIv4 metadata.
  
+- **Upgrader - Add support for automatic snapshots
+  ([23522](https://github.com/civicrm/civicrm-core/pull/23522) and
+  [23544](https://github.com/civicrm/civicrm-core/pull/23594))**
+
+  This adds a utility for recording a snapshot of certain columns in a database
+  table prior to applying any upgrade steps to it.  This will make it easier to
+  roll back or compare changes if necessary after the upgrade.
+
+  The snapshot tables begin with the prefix `snap_civicrm_` and will be cleaned
+  up after a certain number of minor version upgrades.  For now, the feature is
+  disabled by default, but you may enable it by adding
+
+      define('CIVICRM_UPGRADE_SNAPSHOT', TRUE);
+
+  to the settings file.
+
  - **Api4 - minor fixes and updates
    ([23310](https://github.com/civicrm/civicrm-core/pull/23310))**
  
  - **Api4 - minor fixes and updates
    ([23310](https://github.com/civicrm/civicrm-core/pull/23310))**
  
@@ -141,7 +164,9 @@ Released June 1, 2022
    ([dev/core#3249](https://lab.civicrm.org/dev/core/-/issues/3249):
    [23313](https://github.com/civicrm/civicrm-core/pull/23313))**
  
    ([dev/core#3249](https://lab.civicrm.org/dev/core/-/issues/3249):
    [23313](https://github.com/civicrm/civicrm-core/pull/23313))**
  
-  Makes casetype a managed entity.
+  This makes `CaseType` in APIv4 a managed entity.  This is part of a move
+  towards having all cases defined in configuration and deprecating XML-defined
+  case types.
  
  ### CiviContribute
  
  
  ### CiviContribute
  
@@ -180,6 +205,13 @@ Released June 1, 2022
    ([dev/core#3164](https://lab.civicrm.org/dev/core/-/issues/3164):
    [23191](https://github.com/civicrm/civicrm-core/pull/23191))**
  
    ([dev/core#3164](https://lab.civicrm.org/dev/core/-/issues/3164):
    [23191](https://github.com/civicrm/civicrm-core/pull/23191))**
  
+- **Fix 'Authorization Failed' regression when submitting eg. webform via
+  checksum ([23607](https://github.com/civicrm/civicrm-core/pull/23607))**
+
+  This resolves a bug where accessing an entity through APIv3, coming in via a
+  checksum link, results in a failed authorization for the step of updating the
+  recent items stack via APIv4.
+
  - **Manage Extensions - Hide nag for core exts
    ([dev/core#3171](https://lab.civicrm.org/dev/core/-/issues/3171):
    [23204](https://github.com/civicrm/civicrm-core/pull/23204))**
  - **Manage Extensions - Hide nag for core exts
    ([dev/core#3171](https://lab.civicrm.org/dev/core/-/issues/3171):
    [23204](https://github.com/civicrm/civicrm-core/pull/23204))**
@@ -210,6 +242,12 @@ Released June 1, 2022
  - **SearchKit - Move grid css to its own file
    ([23315](https://github.com/civicrm/civicrm-core/pull/23315))**
  
  - **SearchKit - Move grid css to its own file
    ([23315](https://github.com/civicrm/civicrm-core/pull/23315))**
  
+- **SearchKit - Fix 'undefined var' error after import
+  ([23572](https://github.com/civicrm/civicrm-core/pull/23572))**
+
+  Fixes an unresponsive screen after importing multiple records into SearchKit
+  (using the Import dialog).
+
  - **add missing Parishes of Bermuda (civicrm_state_province)
    ([23339](https://github.com/civicrm/civicrm-core/pull/23339))**
  
  - **add missing Parishes of Bermuda (civicrm_state_province)
    ([23339](https://github.com/civicrm/civicrm-core/pull/23339))**
  
@@ -327,6 +365,9 @@ Released June 1, 2022
  - **Apply nodefaults to contact tabs for escape-on-output
    ([23232](https://github.com/civicrm/civicrm-core/pull/23232))**
  
  - **Apply nodefaults to contact tabs for escape-on-output
    ([23232](https://github.com/civicrm/civicrm-core/pull/23232))**
  
+- **MultipleRecordFieldsListing.tpl - JS strings should us JS escaping
+  ([23499](https://github.com/civicrm/civicrm-core/pull/23499))**
+
  ### CiviCampaign
  
  - **update-supporter-url
  ### CiviCampaign
  
  - **update-supporter-url
@@ -374,6 +415,18 @@ Released June 1, 2022
  
    Definitively load main files during bootstrap.
  
  
    Definitively load main files during bootstrap.
  
+- **Fix empty money handling
+  ([23528](https://github.com/civicrm/civicrm-core/pull/23528))**
+
+  Tokens representing money fields will now default to 0 for empty values.
+
+- **Calculate unit_price based on qty
+  ([23566](https://github.com/civicrm/civicrm-core/pull/23566))**
+
+  This resolves a bug when a template contribution was created for a recurring
+  contribution: the unit_price on the line item was set to match the line_total,
+  ignoring qty.
+
  ### CiviEvent
  
  - **batch geocode API does not process event addresses
  ### CiviEvent
  
  - **batch geocode API does not process event addresses
@@ -668,7 +721,8 @@ Released June 1, 2022
    ([23169](https://github.com/civicrm/civicrm-core/pull/23169))**
  
  - **(NFC) mixin/**.php - Add @since tags
    ([23169](https://github.com/civicrm/civicrm-core/pull/23169))**
  
  - **(NFC) mixin/**.php - Add @since tags
-  ([23423](https://github.com/civicrm/civicrm-core/pull/23423))**
+  ([23423](https://github.com/civicrm/civicrm-core/pull/23423) and
+  [23440](https://github.com/civicrm/civicrm-core/pull/23440))**
  
  - **(NFC) Skip CliRunnerTest on php80+drush+Backdrop
    ([23184](https://github.com/civicrm/civicrm-core/pull/23184))**
  
  - **(NFC) Skip CliRunnerTest on php80+drush+Backdrop
    ([23184](https://github.com/civicrm/civicrm-core/pull/23184))**
@@ -710,7 +764,7 @@ Andreas Howiller; Andy Burns; Artful Robot - Rich Lott; Australian Greens - John
  Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt
  Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel
  Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole
  Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt
  Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel
  Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole
-Collective - Kevin Cristiano;
+Collective - Kevin Cristiano
  
  ## <a name="feedback"></a>Feedback
  
  
  ## <a name="feedback"></a>Feedback