CiviCRM Security Release (5.24.3, 5.21.3 ESR) - Multiple advisories

There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

CiviCRM v5.24.3 CiviCRM v5.21.3 ESR

Below are the security advisories details:

CIVI-SA-2020-01: Sanitize Entity Name CIVI-SA-2020-02: API Key Disclosure CIVI-SA-2020-03: PHP Code Execution via Phar Deserialization CIVI-SA-2020-04: Cross Site Scripting within CiviCase Reports CIVI-SA-2020-05: SQL Injection in Campaign Summary and Delete Activity CIVI-SA-2020-06: SQLI in Query Builder CIVI-SA-2020-07: CSRF in Scheduled Jobs CIVI-SA-2020-08: XSS via JS libraries

A couple of other issues have been fixed in these releases, as described in the official announcement.

Upgrade now for the most stable CiviCRM experience:

To download CiviCRM 5.24.3: https://civicrm.org/download To download CiviCRM 5.21.3 ESR version: https://civicrm.org/esr

Click this link to unsubscribe from this mailing list. Click this link to opt out of all mail from CiviCRM.org. Our mailing address is:
2367 24th Ave
San Francisco, California 94116
United States