The CiviCRM development team has announced the availability of version 3.3.5 which includes two critical security updates as well as fixing a few bugs. The security updates include a fix for a cross-site scripting problem whereby the site could be exploited to execute arbitrary JavaScript code. The other issue is a permissioning vulnerability, which allowed anonymous users to potentially change information for another contact.
Overview of Feature List Covered in this Release:
- CiviMail workflow functionality (Rules Integration). Read more here.
- Back-office staff can now enter recurring contributions for constituents. Constituents can signup for automatically renewing memberships via online contribution pages. Back-office staff can also create auto-renew memberships. (Both features require use of Authorize.net, PayPal Pro or PayPal Standard payment processors) Read more here.
- First version of new CiviCampaign component, it includes initial support for Canvassing, Surveys and Petitions.
- Advanced search extended to show objects other than contacts (and object related actions) - including activities, contributions, etc.
- Serious dedupe performance improvements.
- First take on extension mechanism for CiviCRM, allowing creation and distribution of plugins (payment processors, custom search, custom report templates for now).
- New case and grant reports.
- Better "session" management support for CiviEvent.
- First version of database logging, so you will be able to see who changed what and when.
- Address sharing between any two contacts.
All HeronGrace client sites have been upgraded to the newest version per this announcement.
HeronGrace is a consultancy focused on providing fundraising and management solutions to nonprofit organizations (NPOs).
