CiviCRM Security Release (5.19.2, 5.13.7 ESR) - Multiple advisories

Categories: Self-employed without employees Age: 19 until 30 year 31 until 64 years 65 and older

5 years ago

Html
Text

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

CiviCRM v5.19.2 CiviCRM v5.13.7 ESR

Below are the security advisories details:

CIVI-SA-2019-19: SQL injection in "dedupefind" CIVI-SA-2019-20: Privilege escalation via leaked key CIVI-SA-2019-21: PHP object injection via "Saved Search" and "Report Instance" APIs CIVI-SA-2019-22: Cross-site scripting in dashboard titles CIVI-SA-2019-23: Incorrect storage encoding for APIv4 CIVIEXT-SA-2019-02: Cross-site scripting in CiviCase v5 extension

A couple of other issues have been fixed in these releases, as described in the official announcement.

Upgrade now for the most stable CiviCRM experience:

To download CiviCRM 5.19.2: https://civicrm.org/download To download CiviCRM 5.13.7 ESR version: https://civicrm.org/esr

Note: If you use CiviCRM v5.13.7 ESR with the APIv4 extension ("org.civicrm.api4"), you should double-check that your system is running version 4.4.4. In v5.19+, no extra check is necessary.

CiviCRM security announcements are available from https://civicrm.org/advisory and via the CiviCRM Security Notifications email list.

Click this link to unsubscribe from this mailing list. Click this link to opt out of all mail from CiviCRM.org. Our mailing address is:
2367 24th Ave
San Francisco, California 94116
United States

Share on

Other newsletters from Civicrm.org

CiviCon 2025 Celebrates CiviCRM's 20th Anniversary! Civicrm.org
Last Tuesday at 20:11
CiviCRM Security Release (5.78, 5.75-ESR) Civicrm.org
1 month ago
CiviCRM Community News - October 2024 Civicrm.org
1 month ago

More newsletters from Civicrm.org

Related newsletters

View other categories

Self-employed without employees