Political Futures

Scanning for stuff that might be important for the futures of government and governance

39,992 items

Manchester 2023

29th November - 8th December 2023 CiviCRM Manchester 2023 CiviCamp, Sprint and…

More Greetings - Personalised Strings for all Contacts 1.1.0

Extension More Greetings - Personalised…

DemocracySpot

Reflections on the representativeness of citizens’ assemblies and…

(Co-authored with Paolo Spada) Introduction For proponents of deliberative democracy, the last couple of years could not have…

CIVI-SA-2023-04: File Type Restrictions

CiviCRM's file-upload mechanism includes a guard to limit the range of…

CiviSEPA 1.7.0

Extension CiviSEPA - SEPA Direct Debit Extension BjoernE 2023-01-11 - 05:02 …

CIVI-SA-2023-03: Asset Builder XSS

Asset Builder allows CiviCRM and its extensions to generate dynamic assets. A…

CIVI-SA-2023-02: CiviEvent XSS

CiviEvent included a vector for reflected cross-site-scripting (XSS) attacks. …

CIVI-SA-2023-01: Help Subsystem RCE

The "Help" subsystem did not sufficiently validate the location/origin of its…

DemocracySpot

The haves and the have-nots: who benefits from civic tech?

“Civic tech” broadly refers to the use of digital technologies to support a range of citizen…

DemocracySpot

Voices in the Code: Citizen Participation for Better Algorithms

Voices in the Code, by David G. Robinson, is finally out. I had the opportunity to read the…

airmail v2.1

Extension Airmail andie 2022-07-15 - 07:39 Release Date …

CIVI-SA-2022-07: APIv3 Access Bypass

A vulnerability in processing APIv3 AJAX requests could allow a malicious…

Manchester 2022

8/10th - 12th October 2022 CiviCRM Manchester 2022 Sprint CiviCRM Manchester 2022 is…

CIVI-SA-2022-06: Dompdf 1.2.1

The "dompdf" library has a vulnerability which allows remote code execution. It may be…

CIVI-SA-2022-05: CKEditor v4.18

CKEditor had a vulnerability that could allow execution of JavaScript code. The…

CIVI-SA-2022-04: jQuery UI v1.13

jQuery UI v1.12 included multiple cross-site scripting vulnerabilities. It has not…

CIVI-SA-2022-03: Permission Advice

This is not a security vulnerability. It is a mitigation to protect against misconfiguration. CiviCRM includes a large number of…

CIVI-SA-2022-02: CiviEvent Importer, SQL Injection

When importing "Participant" records for CiviEvent, some inputs were not suitably escaped.

CIVI-SA-2022-01: CiviContribute Access Bypass

When accessing the Contribution View page, insufficient permission checking was occurring, which meant that if you knew the URL and…

I Stand With Ukraine

A few weeks prior to 24 February, I’d given up reading the news. It was a very happy time. Since Russia’s invasion of Ukraine,…