dev/core#3498 Fix mishandled option values
[civicrm-core.git] / release-notes / 5.50.0.md
index a734de61f37ea1e259c8f71c6846fd0bb01efe9e..1300f62ad2f2bf791ba76bf4d4197f81d1116388 100644 (file)
@@ -3,6 +3,7 @@
 Released June 1, 2022
 
 - **[Synopsis](#synopsis)**
+- **[Security advisories](#security)**
 - **[Features](#features)**
 - **[Bugs resolved](#bugs)**
 - **[Miscellany](#misc)**
@@ -13,7 +14,7 @@ Released June 1, 2022
 
 | *Does this version...?*                                         |         |
 |:--------------------------------------------------------------- |:-------:|
-| Fix security vulnerabilities?                                   |   no    |
+| Fix security vulnerabilities?                                   | **yes** |
 | **Change the database schema?**                                 | **yes** |
 | **Alter the API?**                                              | **yes** |
 | Require attention to configuration options?                     |   no    |
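Review bot: The changed "Fix security vulnerabilities?" row bolds only the answer, while the other "yes" rows in this table (`| **Change the database schema?** ...`, `| **Alter the API?** ...`) bold the question as well. Suggest `| **Fix security vulnerabilities?** | **yes** |` so the security row stands out the same way as the rest.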
@@ -21,6 +22,10 @@ Released June 1, 2022
 | **Introduce features?**                                         | **yes** |
 | **Fix bugs?**                                                   | **yes** |
 
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2022-07: APIv3 Access Bypass](https://civicrm.org/advisory/civi-sa-2022-07-apiv3-access-bypass)**
+
 ## <a name="features"></a>Features
 
 ### Core CiviCRM
@@ -28,20 +33,22 @@ Released June 1, 2022
 - **System Check - Add a reminder about CIVICRM_SIGN_KEYS.
   ([23224](https://github.com/civicrm/civicrm-core/pull/23224))**
 
-  Adds a system status check regarding CIVICRM_SIGN_KEYS.
+  Adds a system status check that generates a reminder about cryptographic
+  signing keys.
 
 - **Restrict allowed uploads - contact image
   ([23147](https://github.com/civicrm/civicrm-core/pull/23147))**
 
   Restrict file types allowed for the contact image field.
-  
+
 - **Add tracking table for import jobs
   ([dev/core#1307](https://lab.civicrm.org/dev/core/-/issues/1307):
   [23199](https://github.com/civicrm/civicrm-core/pull/23199) and
   [23245](https://github.com/civicrm/civicrm-core/pull/23245))**
 
-  Adds a table for the purpose of tracking user jobs (imports) and associated
-  temp tables and starts tracking the submittedValues and data source with it.
+  This adds a new table for the purpose of tracking user jobs (e.g. imports) and
+  associated temp tables and starts tracking the submittedValues and data source
+  with it.
 
 - **CustomFields - Improve metadata about which custom groups belong to which
   entities ([23336](https://github.com/civicrm/civicrm-core/pull/23336))**
@@ -49,6 +56,22 @@ Released June 1, 2022
   Makes the relationship between Custom Field Groups, entity types and subtypes
   discoverable via APIv4 metadata.
 
+- **Upgrader - Add support for automatic snapshots
+  ([23522](https://github.com/civicrm/civicrm-core/pull/23522) and
+  [23544](https://github.com/civicrm/civicrm-core/pull/23594))**
+
+  This adds a utility for recording a snapshot of certain columns in a database
+  table prior to applying any upgrade steps to it.  This will make it easier to
+  roll back or compare changes if necessary after the upgrade.
+
+  The snapshot tables begin with the prefix `snap_civicrm_` and will be cleaned
+  up after a certain number of minor version upgrades.  For now, the feature is
+  disabled by default, but you may enable it by adding
+
+      define('CIVICRM_UPGRADE_SNAPSHOT', TRUE);
+
+  to the settings file.
+
 - **Api4 - minor fixes and updates
   ([23310](https://github.com/civicrm/civicrm-core/pull/23310))**
 
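Review bot: In the added Upgrader snapshot entry, the second link is labelled `[23544]` but its URL ends in `/pull/23594`. One of the two numbers is wrong, so confirm which PR is meant and make the label and the URL agree. The description could also say which settings file takes the `CIVICRM_UPGRADE_SNAPSHOT` define and replace "a certain number of minor version upgrades" with the actual retention, since admins who enable this need to account for the extra `snap_civicrm_` tables.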
@@ -141,7 +164,9 @@ Released June 1, 2022
   ([dev/core#3249](https://lab.civicrm.org/dev/core/-/issues/3249):
   [23313](https://github.com/civicrm/civicrm-core/pull/23313))**
 
-  Makes casetype a managed entity.
+  This makes `CaseType` in APIv4 a managed entity.  This is part of a move
+  towards having all cases defined in configuration and deprecating XML-defined
+  case types.
 
 ### CiviContribute
 
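Review bot: In the new CaseType description, "having all cases defined in configuration" reads as if case records were meant. The rest of the sentence is about deprecating XML-defined case types, so "all case types" looks like the intended wording.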
@@ -180,6 +205,13 @@ Released June 1, 2022
   ([dev/core#3164](https://lab.civicrm.org/dev/core/-/issues/3164):
   [23191](https://github.com/civicrm/civicrm-core/pull/23191))**
 
+- **Fix 'Authorization Failed' regression when submitting eg. webform via
+  checksum ([23607](https://github.com/civicrm/civicrm-core/pull/23607))**
+
+  This resolves a bug where accessing an entity through APIv3, coming in via a
+  checksum link, results in a failed authorization for the step of updating the
+  recent items stack via APIv4.
+
 - **Manage Extensions - Hide nag for core exts
   ([dev/core#3171](https://lab.civicrm.org/dev/core/-/issues/3171):
   [23204](https://github.com/civicrm/civicrm-core/pull/23204))**
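Review bot: The added 'Authorization Failed' entry calls this a regression but does not say which version or change introduced it, which is what a site admin needs to decide whether checksum-based forms were affected. Add that if it is known. In the title, "eg." should be "e.g." unless the PR title is being kept verbatim.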
@@ -210,6 +242,12 @@ Released June 1, 2022
 - **SearchKit - Move grid css to its own file
   ([23315](https://github.com/civicrm/civicrm-core/pull/23315))**
 
+- **SearchKit - Fix 'undefined var' error after import
+  ([23572](https://github.com/civicrm/civicrm-core/pull/23572))**
+
+  Fixes an unresponsive screen after importing multiple records into SearchKit
+  (using the Import dialog).
+
 - **add missing Parishes of Bermuda (civicrm_state_province)
   ([23339](https://github.com/civicrm/civicrm-core/pull/23339))**
 
@@ -327,6 +365,9 @@ Released June 1, 2022
 - **Apply nodefaults to contact tabs for escape-on-output
   ([23232](https://github.com/civicrm/civicrm-core/pull/23232))**
 
+- **MultipleRecordFieldsListing.tpl - JS strings should us JS escaping
+  ([23499](https://github.com/civicrm/civicrm-core/pull/23499))**
+
 ### CiviCampaign
 
 - **update-supporter-url
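Review bot: Typo in the added MultipleRecordFieldsListing.tpl title: "JS strings should us JS escaping" should read "should use JS escaping". The entry also has no description. As this is an output-escaping change, one line on which strings were escaped incorrectly would let readers judge its relevance.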
@@ -374,6 +415,18 @@ Released June 1, 2022
 
   Definitively load main files during bootstrap.
 
+- **Fix empty money handling
+  ([23528](https://github.com/civicrm/civicrm-core/pull/23528))**
+
+  Tokens representing money fields will now default to 0 for empty values.
+
+- **Calculate unit_price based on qty
+  ([23566](https://github.com/civicrm/civicrm-core/pull/23566))**
+
+  This resolves a bug when a template contribution was created for a recurring
+  contribution: the unit_price on the line item was set to match the line_total,
+  ignoring qty.
+
 ### CiviEvent
 
 - **batch geocode API does not process event addresses
@@ -668,7 +721,8 @@ Released June 1, 2022
   ([23169](https://github.com/civicrm/civicrm-core/pull/23169))**
 
 - **(NFC) mixin/**.php - Add @since tags
-  ([23423](https://github.com/civicrm/civicrm-core/pull/23423))**
+  ([23423](https://github.com/civicrm/civicrm-core/pull/23423) and
+  [23440](https://github.com/civicrm/civicrm-core/pull/23440))**
 
 - **(NFC) Skip CliRunnerTest on php80+drush+Backdrop
   ([23184](https://github.com/civicrm/civicrm-core/pull/23184))**
@@ -710,7 +764,7 @@ Andreas Howiller; Andy Burns; Artful Robot - Rich Lott; Australian Greens - John
 Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt
 Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel
 Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole
-Collective - Kevin Cristiano;
+Collective - Kevin Cristiano
 
 ## <a name="feedback"></a>Feedback