X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=release-notes%2F5.50.0.md;h=1300f62ad2f2bf791ba76bf4d4197f81d1116388;hb=86b783d8c75410d387d2b702610d07a36fff04eb;hp=a734de61f37ea1e259c8f71c6846fd0bb01efe9e;hpb=ec59969e4f80c9d1a1fe143a40630056e85f32b0;p=civicrm-core.git
diff --git a/release-notes/5.50.0.md b/release-notes/5.50.0.md
index a734de61f3..1300f62ad2 100644
--- a/release-notes/5.50.0.md
+++ b/release-notes/5.50.0.md
@@ -3,6 +3,7 @@
Released June 1, 2022
- **[Synopsis](#synopsis)**
+- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
@@ -13,7 +14,7 @@ Released June 1, 2022
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
-| Fix security vulnerabilities? | no |
+| Fix security vulnerabilities? | **yes** |
| **Change the database schema?** | **yes** |
| **Alter the API?** | **yes** |
| Require attention to configuration options? | no |
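Review bot: On the changed row only the answer is bold. The other rows in this table that answer yes bold the question as well (`| **Change the database schema?** | **yes** |`), so for consistency the new line should read `| **Fix security vulnerabilities?** | **yes** |`.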
@@ -21,6 +22,10 @@ Released June 1, 2022
| **Introduce features?** | **yes** |
| **Fix bugs?** | **yes** |
+## Security advisories
+
+- **[CIVI-SA-2022-07: APIv3 Access Bypass](https://civicrm.org/advisory/civi-sa-2022-07-apiv3-access-bypass)**
+
## Features
### Core CiviCRM
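Review bot: The added `## Security advisories` heading shows no explicit anchor, while the table-of-contents entry added in the first hunk links to `#security`. A slug generated from the heading text would be `security-advisories`, so confirm the link resolves, or give the heading an anchor named `security`.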
@@ -28,20 +33,22 @@ Released June 1, 2022
- **System Check - Add a reminder about CIVICRM_SIGN_KEYS.
([23224](https://github.com/civicrm/civicrm-core/pull/23224))**
- Adds a system status check regarding CIVICRM_SIGN_KEYS.
+ Adds a system status check that generates a reminder about cryptographic
+ signing keys.
- **Restrict allowed uploads - contact image
([23147](https://github.com/civicrm/civicrm-core/pull/23147))**
Restrict file types allowed for the contact image field.
-
+
- **Add tracking table for import jobs
([dev/core#1307](https://lab.civicrm.org/dev/core/-/issues/1307):
[23199](https://github.com/civicrm/civicrm-core/pull/23199) and
[23245](https://github.com/civicrm/civicrm-core/pull/23245))**
- Adds a table for the purpose of tracking user jobs (imports) and associated
- temp tables and starts tracking the submittedValues and data source with it.
+ This adds a new table for the purpose of tracking user jobs (e.g. imports) and
+ associated temp tables and starts tracking the submittedValues and data source
+ with it.
- **CustomFields - Improve metadata about which custom groups belong to which
entities ([23336](https://github.com/civicrm/civicrm-core/pull/23336))**
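Review bot: The `-`/`+` pair between the contact image entry and the import jobs entry replaces one blank line with another, so the two can differ only in whitespace. If the new line carries trailing spaces, drop this change from the patch; if it removes them, it is fine but unrelated to the wording updates around it.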
@@ -49,6 +56,22 @@ Released June 1, 2022
Makes the relationship between Custom Field Groups, entity types and subtypes
discoverable via APIv4 metadata.
+- **Upgrader - Add support for automatic snapshots
+ ([23522](https://github.com/civicrm/civicrm-core/pull/23522) and
+ [23544](https://github.com/civicrm/civicrm-core/pull/23594))**
+
+ This adds a utility for recording a snapshot of certain columns in a database
+ table prior to applying any upgrade steps to it. This will make it easier to
+ roll back or compare changes if necessary after the upgrade.
+
+ The snapshot tables begin with the prefix `snap_civicrm_` and will be cleaned
+ up after a certain number of minor version upgrades. For now, the feature is
+ disabled by default, but you may enable it by adding
+
+ define('CIVICRM_UPGRADE_SNAPSHOT', TRUE);
+
+ to the settings file.
+
- **Api4 - minor fixes and updates
([23310](https://github.com/civicrm/civicrm-core/pull/23310))**
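Review bot: In the added Upgrader entry, the second link's label and target disagree: the text is `23544` but the URL points to `/pull/23594`. Correct whichever is wrong so readers land on the pull request that is cited. The phrase "after a certain number of minor version upgrades" would also be more useful with the actual number, since the `snap_civicrm_` tables hold copies of column data and administrators will want to know how long those copies persist.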
@@ -141,7 +164,9 @@ Released June 1, 2022
([dev/core#3249](https://lab.civicrm.org/dev/core/-/issues/3249):
[23313](https://github.com/civicrm/civicrm-core/pull/23313))**
- Makes casetype a managed entity.
+ This makes `CaseType` in APIv4 a managed entity. This is part of a move
+ towards having all cases defined in configuration and deprecating XML-defined
+ case types.
### CiviContribute
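Review bot: In the new `CaseType` description, "having all cases defined in configuration" reads as if individual cases were meant. The rest of the sentence is about case types ("deprecating XML-defined case types"), so "all case types" looks like the intended wording.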
@@ -180,6 +205,13 @@ Released June 1, 2022
([dev/core#3164](https://lab.civicrm.org/dev/core/-/issues/3164):
[23191](https://github.com/civicrm/civicrm-core/pull/23191))**
+- **Fix 'Authorization Failed' regression when submitting eg. webform via
+ checksum ([23607](https://github.com/civicrm/civicrm-core/pull/23607))**
+
+ This resolves a bug where accessing an entity through APIv3, coming in via a
+ checksum link, results in a failed authorization for the step of updating the
+ recent items stack via APIv4.
+
- **Manage Extensions - Hide nag for core exts
([dev/core#3171](https://lab.civicrm.org/dev/core/-/issues/3171):
[23204](https://github.com/civicrm/civicrm-core/pull/23204))**
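Review bot: The added title writes "eg.", while the import jobs entry earlier in this patch uses "e.g."; use the same form here. The description is also hard to parse on first read: splitting it into what the user does (arrives via a checksum link and touches an entity through APIv3) and what failed (the APIv4 update of the recent items stack) would make the regression easier to recognise.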
@@ -210,6 +242,12 @@ Released June 1, 2022
- **SearchKit - Move grid css to its own file
([23315](https://github.com/civicrm/civicrm-core/pull/23315))**
+- **SearchKit - Fix 'undefined var' error after import
+ ([23572](https://github.com/civicrm/civicrm-core/pull/23572))**
+
+ Fixes an unresponsive screen after importing multiple records into SearchKit
+ (using the Import dialog).
+
- **add missing Parishes of Bermuda (civicrm_state_province)
([23339](https://github.com/civicrm/civicrm-core/pull/23339))**
@@ -327,6 +365,9 @@ Released June 1, 2022
- **Apply nodefaults to contact tabs for escape-on-output
([23232](https://github.com/civicrm/civicrm-core/pull/23232))**
+- **MultipleRecordFieldsListing.tpl - JS strings should us JS escaping
+ ([23499](https://github.com/civicrm/civicrm-core/pull/23499))**
+
### CiviCampaign
- **update-supporter-url
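Review bot: Typo in the added title: "JS strings should us JS escaping" should read "should use JS escaping". Because this entry concerns output escaping in a template, a one-line description of what was escaped incorrectly would help readers judge whether it affects their site.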
@@ -374,6 +415,18 @@ Released June 1, 2022
Definitively load main files during bootstrap.
+- **Fix empty money handling
+ ([23528](https://github.com/civicrm/civicrm-core/pull/23528))**
+
+ Tokens representing money fields will now default to 0 for empty values.
+
+- **Calculate unit_price based on qty
+ ([23566](https://github.com/civicrm/civicrm-core/pull/23566))**
+
+ This resolves a bug when a template contribution was created for a recurring
+ contribution: the unit_price on the line item was set to match the line_total,
+ ignoring qty.
+
### CiviEvent
- **batch geocode API does not process event addresses
@@ -668,7 +721,8 @@ Released June 1, 2022
([23169](https://github.com/civicrm/civicrm-core/pull/23169))**
- **(NFC) mixin/**.php - Add @since tags
- ([23423](https://github.com/civicrm/civicrm-core/pull/23423))**
+ ([23423](https://github.com/civicrm/civicrm-core/pull/23423) and
+ [23440](https://github.com/civicrm/civicrm-core/pull/23440))**
- **(NFC) Skip CliRunnerTest on php80+drush+Backdrop
([23184](https://github.com/civicrm/civicrm-core/pull/23184))**
@@ -710,7 +764,7 @@ Andreas Howiller; Andy Burns; Artful Robot - Rich Lott; Australian Greens - John
Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt
Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel
Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole
-Collective - Kevin Cristiano;
+Collective - Kevin Cristiano
## Feedback