Released July 5, 2017
+- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
- **[Credits](#credits)**
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2017-01](https://civicrm.org/advisory/civi-sa-2017-01-pingback-url-not-encrypted)** Pingback URL not encrypted
+- **[CIVI-SA-2017-02](https://civicrm.org/advisory/civi-sa-2017-02-privilage-escalation-via-leaked-key)** Privilage escalation via leaked key
+- **[CIVI-SA-2017-03](https://civicrm.org/advisory/civi-sa-2017-03-cross-site-scritping-in-the-recently-viewed-block)** Cross-site scripting in "Recently Viewed" block
+- **[CIVI-SA-2017-04](https://civicrm.org/advisory/civi-sa-2017-04-incorrect-escaping-for-on-behalf-of-block)** Incorrect escaping for "On Behalf Of" block
+- **[CIVI-SA-2017-05](https://civicrm.org/advisory/civi-sa-2017-05-incorrect-escaping-for-search-results-column)** Incorrect escaping for "Search Results" column
+- **[CIVI-SA-2017-06](https://civicrm.org/advisory/civi-sa-2017-06-incorrect-escaping-in-drupal-views-integration)** Incorrect escaping in Drupal Views integration
+- **[CIVI-SA-2017-07](https://civicrm.org/advisory/civi-sa-2017-07-insuffient-permission-check-in-mailing-report)** Insuffient permission-check in mailing report
+- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-upgrade-multiple-js-libraries)** Upgrade multiple JS libraries
+
+
## <a name="features"></a>Features
### Core CiviCRM
- **[CRM-20561](https://issues.civicrm.org/jira/browse/CRM-20561) Load
Net_SMTP, Auth_SASL, Net_Socket via Composer
([10384](https://github.com/civicrm/civicrm-core/pull/10384),
- [4](https://github.com/civicrm/civicrm-core/pull/4),
+ [3](https://github.com/seamuslee001/civicrm-core/pull/3),
+ [4](https://github.com/seamuslee001/civicrm-core/pull/4),
[10385](https://github.com/civicrm/civicrm-core/pull/10385),
[185](https://github.com/civicrm/civicrm-packages/pull/185), and
[186](https://github.com/civicrm/civicrm-packages/pull/186))**
- **(NFC) Attribution Chirojeugd Vlaanderen
([10519](https://github.com/civicrm/civicrm-core/pull/10519))**
-- **[CRM-8597](https://issues.civicrm.org/jira/browse/CRM-8597) PHP strict
- warning: Only variables should be assigned by reference.
- ([3](https://github.com/civicrm/civicrm-core/pull/3))**
-
- Instances of `$SVNROOT` are now replaced by `$CIVISOURCEDIR`.
-
- **[CRM-20620](https://issues.civicrm.org/jira/browse/CRM-20620) Use batch api
to retrieve all the batches
([10397](https://github.com/civicrm/civicrm-core/pull/10397))**
This release was developed by the following code authors:
-Agileware - Agileware Team; Arkadiusz Rzadkowolski; Australian Greens - Seamus Lee; Blackfly Solutions - Alan Dixon; British Humanist Association - Andrew West; chrisfromredfin; Circle Interactive - Dave Jenkins; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Yashodha Chaku; CompuCorp - Camilo Rodriguez, Michael Devery; Coop SymbioTIC - Mathieu Lutfy; devarun; Effy Elden; elisseck; Francesc Bassas i Bullich; Freeform Solutions - Herb van den Dool; Fuzion - Chris Burgess, Eileen McNaughton, Jitendra Purohit; Ginkgo Street Labs - Frank Gómez; JMA Consulting - Monish Deb, Pradeep Nayak; Joinery - Allen Shaw; Jon Goldberg; Lemniscus - Noah Miller; Lighthouse Design and Consulting - Brian Shaughnessy; Oxfam Germany - Thomas Schüttler; Progressive Technology Project - Jamie McClelland; Romain Thouvenin; Sean Madsen; Systopia - Björn Endres; Web Access - Kurund Jalmi; Wikimedia Foundation - Eileen McNaughton
+Agileware - Agileware Team; Arkadiusz Rzadkowolski; Arun Singh; Australian
+Greens - Seamus Lee; Blackfly Solutions - Alan Dixon; British Humanist
+Association - Andrew West; Circle Interactive - Dave Jenkins; CiviCRM - Coleman
+Watts, Tim Otten; CiviDesk - Yashodha Chaku; CompuCorp - Camilo Rodriguez,
+Michael Devery; Coop SymbioTIC - Mathieu Lutfy; Effy Elden; Eli Lisseck;
+Francesc Bassas i Bullich; Freeform Solutions - Herb van den Dool; Fuzion -
+Chris Burgess, Eileen McNaughton, Jitendra Purohit; Ginkgo Street Labs - Frank
+Gómez; JMA Consulting - Monish Deb, Pradeep Nayak; Joinery - Allen Shaw; Jon
+Goldberg; Lemniscus - Noah Miller; Lighthouse Design and Consulting - Brian
+Shaughnessy; Oxfam Germany - Thomas Schüttler; Progressive Technology Project -
+Jamie McClelland; Redfin Solutions - Chris Wells; Romain Thouvenin; Sean Madsen;
+Systopia - Björn Endres; Web Access - Kurund Jalmi; Wikimedia Foundation -
+Eileen McNaughton
Most authors also reviewed code for this release; in addition, the following
reviewers contributed their comments:
-Agileware - Agileware Team; alainb; Alcohol Justice - Bruce Wolfe; alexmarketaccess; Arkadiusz Rzadkowolski; aruns6578; Australian Greens - Seamus Lee; axon-obriend; Blackfly Solutions - Alan Dixon; Bob Silvern; British Humanist Association - Andrew West; Circle Interactive - Dave Jenkins, Martin Castle; civicrm-builder; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Nicolas Ganivet, Yashodha Chaku; CiviHosting - Hershel Robinson; clarkac; CompuCorp - Guanhuan Chen, Michael Devery, Mirela Stanila; Coop SymbioTIC - Mathieu Lutfy; devarun; dvhirst; Effy Elden; elisseck; fabian (systopia); fabian_SYSTOPIA; Francesc Bassas i Bullich; Freeform Solutions - Herb van den Dool; Fuzion - Chris Burgess, Eileen McNaughton, Jitendra Purohit, Peter Davis; Ginkgo Street Labs - Frank Gómez; JMA Consulting - Joe Murray, Monish Deb, Pradeep Nayak; Joanne Chester; Johan Vervloet; Joinery - Allen Shaw; Jon Goldberg; Korlon - Stuart Gaston; Lighthouse Design and Consulting - Brian Shaughnessy; MC3 - Graham Mitchell; Michal Mach; Milton Zurita; Miya27; MJW Consulting - Matthew Wire; Nubay Services - David Tarrant; Oxfam Germany - Thomas Schüttler; pillarsdotnet; Progressive Technology Project - Jamie McClelland; Redfin Solutions - Chris Wells; Registered Nurses' Association of Ontario - Thomas Mannell; Richard van Oosterhout; rohan; Romain Thouvenin; Sean Madsen; Semper IT - Karin Gerritsen; sixfootjames; Skvare - Mark Hanna; Systopia - Björn Endres; tttp; wdecraene; Wikimedia Foundation - Eileen McNaughton; xavier
+Alcohol Justice - Bruce Wolfe; Alex Block; Andy Clarke; Blackfly Solutions -
+Alan Dixon; Bob Silvern; Bob Vincent; Business & Code - Alain Benbassat; Circle
+Interactive - Martin Castle; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel
+Robinson; CompuCorp - Guanhuan Chen, Mirela Stanila; Donald Hirst; Fuzion -
+Peter Davis; Ginkgo Street Labs - Dan O'Brien; James van der Hoven; JMA
+Consulting - Joe Murray; Joanne Chester; Johan Vervloet; Korlon - Stuart Gaston;
+MC3 - Graham Mitchell; Michal Mach; Milton Zurita; MJW Consulting - Matthew
+Wire; Nubay Services - David Tarrant; Registered Nurses' Association of Ontario -
+Thomas Mannell; Richard van Oosterhout; Semper IT - Karin Gerritsen; Skvare -
+Mark Hanna; Systopia - Fabian Schuttenberg; Tech To The People - Xavier Dutoit;
+Web Access - Rohan Chavan; Wim De Craene