diff --git a/civicrm.php b/civicrm.php
index 6dabe4c6c8db804169885195aae4f45693fd3550..a7b7be332b048b3baa12d741c5e4e47b985e490c 100644
--- a/civicrm.php
+++ b/civicrm.php
@@ -2,7 +2,7 @@
/**
* Plugin Name: CiviCRM
* Description: CiviCRM - Growing and Sustaining Relationships
- * Version: 5.57.0
+ * Version: 5.57.1
* Requires at least: 4.9
* Requires PHP: 7.2
* Author: CiviCRM LLC
@@ -36,7 +36,7 @@ if (!defined('ABSPATH')) {
}
// Set version here: changing it forces Javascript and CSS to reload.
-define('CIVICRM_PLUGIN_VERSION', '5.57.0');
+define('CIVICRM_PLUGIN_VERSION', '5.57.1');
// Store reference to this file.
if (!defined('CIVICRM_PLUGIN_FILE')) {
diff --git a/civicrm/CRM/Financial/BAO/Order.php b/civicrm/CRM/Financial/BAO/Order.php
index f1ed6c04da2fe1d01a3e0504de3f2c146279e1df..8e922722bffd302dcda12768e7cca6ce8f05c2a0 100644
--- a/civicrm/CRM/Financial/BAO/Order.php
+++ b/civicrm/CRM/Financial/BAO/Order.php
@@ -1246,7 +1246,7 @@ class CRM_Financial_BAO_Order {
$lineItemTitle .= ' ' . CRM_Utils_String::ellipsify($description, 30);
}
}
- return $lineItemTitle;
+ return $lineItemTitle ?? '';
}
}
diff --git a/civicrm/CRM/Utils/Check/Component/Security.php b/civicrm/CRM/Utils/Check/Component/Security.php
index f449a09518accf3829d059d7c78eb610cb496c67..f4852db380fc446f406309b4b263121bd9b29f9c 100644
--- a/civicrm/CRM/Utils/Check/Component/Security.php
+++ b/civicrm/CRM/Utils/Check/Component/Security.php
@@ -210,11 +210,11 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
if (!$found) {
$messages[] = new CRM_Utils_Check_Message(
__FUNCTION__,
- ts('Some components and extensions may need to generate cryptographic signatures. Please configure <a %1>CIVICRM_SIGN_KEYS</a>. ',
+ ts('The system requires a cryptographic signing key. Please configure <a %1>CIVICRM_SIGN_KEYS</a>. ',
[1 => 'href="https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/" target="_blank"']
),
- ts('Signing Key Recommended'),
- \Psr\Log\LogLevel::NOTICE,
+ ts('Signing Key Required'),
+ \Psr\Log\LogLevel::ERROR,
'fa-lock'
);
}
diff --git a/civicrm/CRM/Utils/Hook/Joomla.php b/civicrm/CRM/Utils/Hook/Joomla.php
index e844c4abbb4015044caeedf8fcca38c935cf1666..4f95215cd652682ffe09015ba09a88e8eb69bba5 100644
--- a/civicrm/CRM/Utils/Hook/Joomla.php
+++ b/civicrm/CRM/Utils/Hook/Joomla.php
@@ -73,6 +73,9 @@ class CRM_Utils_Hook_Joomla extends CRM_Utils_Hook {
if (version_compare(JVERSION, '3.0', 'lt')) {
$app = JCli::getInstance();
}
+ elseif (version_compare(JVERSION, '4.0', 'lt')) {
+ $app = JApplicationCli::getInstance();
+ }
else {
$app = \Joomla\CMS\Factory::getApplication();
}
diff --git a/civicrm/Civi/Core/AssetBuilder.php b/civicrm/Civi/Core/AssetBuilder.php
index e723525ff12efd0f18ba63621efb2d67109deefe..69a4a57d78507a0ec87beca016c6db6da0dc4adb 100644
--- a/civicrm/Civi/Core/AssetBuilder.php
+++ b/civicrm/Civi/Core/AssetBuilder.php
@@ -138,9 +138,14 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
}
else {
return \CRM_Utils_System::url('civicrm/asset/builder', [
+ // The 'an' and 'ad' provide hints for cache lifespan and debugging/inspection.
'an' => $name,
- 'ap' => $this->encode($params),
'ad' => $this->digest($name, $params),
+ 'aj' => \Civi::service('crypto.jwt')->encode([
+ 'asset' => [$name, $params],
+ 'exp' => 86400 * (floor(\CRM_Utils_Time::time() / 86400) + 2),
+ // Caching-friendly TTL -- We want the URL to be stable for a decent amount of time.
+ ], ['SIGN', 'WEAK_SIGN']),
], TRUE, NULL, FALSE);
}
}
@@ -281,7 +286,6 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
* @return string
*/
protected function digest($name, $params) {
- // WISHLIST: For secure digest, generate+persist privatekey & call hash_hmac.
ksort($params);
$digest = md5(
$name .
@@ -292,40 +296,6 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
return $digest;
}
- /**
- * Encode $params in a format that's optimized for shorter URLs.
- *
- * @param array $params
- * @return string
- */
- protected function encode($params) {
- if (empty($params)) {
- return '';
- }
-
- $str = json_encode($params);
- if (function_exists('gzdeflate')) {
- $str = gzdeflate($str);
- }
- return base64_encode($str);
- }
-
- /**
- * @param string $str
- * @return array
- */
- protected function decode($str) {
- if ($str === NULL || $str === FALSE || $str === '') {
- return [];
- }
-
- $str = base64_decode($str);
- if (function_exists('gzdeflate')) {
- $str = gzinflate($str);
- }
- return json_decode($str, TRUE);
- }
-
/**
* @return bool
*/
@@ -372,16 +342,9 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
/** @var Assetbuilder $assets */
$assets = \Civi::service('asset_builder');
- $expectDigest = $assets->digest($get['an'], $assets->decode($get['ap']));
- if ($expectDigest !== $get['ad']) {
- return [
- 'statusCode' => 500,
- 'mimeType' => 'text/plain',
- 'content' => 'Invalid digest',
- ];
- }
-
- return $assets->render($get['an'], $assets->decode($get['ap']));
+ $obj = \Civi::service('crypto.jwt')->decode($get['aj'], ['SIGN', 'WEAK_SIGN']);
+ $arr = json_decode(json_encode($obj), TRUE);
+ return $assets->render($arr['asset'][0], $arr['asset'][1]);
}
catch (UnknownAssetException $e) {
return [
diff --git a/civicrm/Civi/Crypto/CryptoRegistry.php b/civicrm/Civi/Crypto/CryptoRegistry.php
index 0ae3d1afd20b0ccddc24827ac3d26d38c8bb0e7c..b45927c8fcb5391ab19de5e0dbe85f8d8b7cf9bb 100644
--- a/civicrm/Civi/Crypto/CryptoRegistry.php
+++ b/civicrm/Civi/Crypto/CryptoRegistry.php
@@ -84,6 +84,31 @@ class CryptoRegistry {
$registry->addSymmetricKey($registry->parseKey($keyExpr) + $key);
}
}
+ else {
+ // If you are upgrading an old site that does not have a signing key, then there is a status-check advising you to fix it.
+ // But apparently the current site hasn't fixed it yet. The UI+AssetBuilder need to work long enough for sysadmin to discover/resolve.
+ // This fallback is sufficient for short-term usage in limited scenarios (AssetBuilder=>OK; AuthX=>No).
+ // In a properly configured system, the WEAK_SIGN key is strictly unavailable - s.t. a normal site never uses WEAK_SIGN.
+ $registry->addSymmetricKey([
+ 'tags' => ['WEAK_SIGN'],
+ 'suite' => 'jwt-hs256',
+ 'key' => hash_hkdf('sha256',
+ json_encode([
+ // DSN's and site-keys should usually be sufficient, but it's not strongly guaranteed,
+ // so we'll toss in more spaghetti. (At a minimum, this should mitigate bots/crawlers.)
+ \CRM_Utils_Constant::value('CIVICRM_DSN'),
+ \CRM_Utils_Constant::value('CIVICRM_UF_DSN'),
+ \CRM_Utils_Constant::value('CIVICRM_SITE_KEY') ?: $GLOBALS['civicrm_root'],
+ \CRM_Utils_Constant::value('CIVICRM_UF_BASEURL'),
+ \CRM_Utils_Constant::value('CIVICRM_DB_CACHE_PASSWORD'),
+ \CRM_Utils_System::getSiteID(),
+ \CRM_Utils_System::version(),
+ \CRM_Core_Config::singleton()->userSystem->getVersion(),
+ $_SERVER['HTTP_HOST'] ?? '',
+ ])
+ ),
+ ]);
+ }
//if (isset($_COOKIE['CIVICRM_FORM_KEY'])) {
// $crypto->addSymmetricKey([
@@ -243,14 +268,15 @@ class CryptoRegistry {
/**
* Find all the keys that apply to a tag.
*
- * @param string $keyTag
+ * @param string|string[] $keyTag
*
* @return array
* List of keys, indexed by id, ordered by weight.
*/
public function findKeysByTag($keyTag) {
+ $keyTag = (array) $keyTag;
$keys = array_filter($this->keys, function ($key) use ($keyTag) {
- return in_array($keyTag, $key['tags'] ?? []);
+ return !empty(array_intersect($keyTag, $key['tags'] ?? []));
});
uasort($keys, function($a, $b) {
return ($a['weight'] ?? 0) - ($b['weight'] ?? 0);
diff --git a/civicrm/civicrm-version.php b/civicrm/civicrm-version.php
index 807111060fa611f326fed07776e88b4b614aadd5..b353ae531d69257625a6ac83221d119e8543e627 100644
--- a/civicrm/civicrm-version.php
+++ b/civicrm/civicrm-version.php
@@ -1,7 +1,7 @@
<?php
/** @deprecated */
function civicrmVersion( ) {
- return array( 'version' => '5.57.0',
+ return array( 'version' => '5.57.1',
'cms' => 'Wordpress',
'revision' => '' );
}
diff --git a/civicrm/ext/afform/admin/info.xml b/civicrm/ext/afform/admin/info.xml
index 895a4c8792ac475bd94fe8e13337d666946a6b6c..0f8f8f423493dcb1b66c63f19ad8307b4bd2781d 100644
--- a/civicrm/ext/afform/admin/info.xml
+++ b/civicrm/ext/afform/admin/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>beta</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/core/info.xml b/civicrm/ext/afform/core/info.xml
index 15319db3feb5b5b73115911cd6b5491cbbd5331d..434f5154b4ae1149358b7040781d805f205db880 100644
--- a/civicrm/ext/afform/core/info.xml
+++ b/civicrm/ext/afform/core/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>beta</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/html/info.xml b/civicrm/ext/afform/html/info.xml
index 73270f368d9ead41acb6ba5aa40a6bc91a2d552d..1cb4104bf08bc78a273cba3de75cc47ac1831435 100644
--- a/civicrm/ext/afform/html/info.xml
+++ b/civicrm/ext/afform/html/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/mock/info.xml b/civicrm/ext/afform/mock/info.xml
index 347828c94ce71b3bb2353daa9261460f90ef2818..c7172e0e00db02117fef3c463820f963b2f773ef 100644
--- a/civicrm/ext/afform/mock/info.xml
+++ b/civicrm/ext/afform/mock/info.xml
@@ -12,7 +12,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/authx/info.xml b/civicrm/ext/authx/info.xml
index 6ca24cc94fbd71690424e17bdc3a6a9046bbd186..ed50b21a08b6be2efb290208aaa0534dee11fdd9 100644
--- a/civicrm/ext/authx/info.xml
+++ b/civicrm/ext/authx/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-02-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civicrm_admin_ui/info.xml b/civicrm/ext/civicrm_admin_ui/info.xml
index 54447576c03a2efdbc677562b1cb33fae47b7429..55f2a8b851ef1a3a1e9b501d34e3199d3f5f270f 100644
--- a/civicrm/ext/civicrm_admin_ui/info.xml
+++ b/civicrm/ext/civicrm_admin_ui/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-01-02</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civigrant/info.xml b/civicrm/ext/civigrant/info.xml
index 7af1158ee1a619d2fe1261e3624be653338f59c9..2c23e04151054c6786b7f0ffd9176b7bbf48c024 100644
--- a/civicrm/ext/civigrant/info.xml
+++ b/civicrm/ext/civigrant/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-11-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civiimport/info.xml b/civicrm/ext/civiimport/info.xml
index b806c3e365041d1cc89f6d914235a4c5238edb1c..db18283937af6bbd5ac8a3f3d329b3a5fc7b166d 100644
--- a/civicrm/ext/civiimport/info.xml
+++ b/civicrm/ext/civiimport/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-08-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/ckeditor4/info.xml b/civicrm/ext/ckeditor4/info.xml
index 36a23fff39b3e716c74b395e195051f47ef83786..859494e6aa79b5b369898bfa987822760c4abd14 100644
--- a/civicrm/ext/ckeditor4/info.xml
+++ b/civicrm/ext/ckeditor4/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">https://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-05-23</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/contributioncancelactions/info.xml b/civicrm/ext/contributioncancelactions/info.xml
index 29e9041ca41fcd37cdf20513cefa0469f17f650a..71fd534f45a151294d31c959fcdc1f8c189eefe6 100644
--- a/civicrm/ext/contributioncancelactions/info.xml
+++ b/civicrm/ext/contributioncancelactions/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-12</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/elavon/info.xml b/civicrm/ext/elavon/info.xml
index f27a8f977efcf0da115cd5746ab26b276e9e432e..f2261f2de8835b55f58c6da459600496865ee134 100644
--- a/civicrm/ext/elavon/info.xml
+++ b/civicrm/ext/elavon/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-08-05</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/eventcart/info.xml b/civicrm/ext/eventcart/info.xml
index d658ea8b42e59437145a70c5121370350a098c04..a914ff700cc6652350f7a7aad3b1b1c018bcff41 100644
--- a/civicrm/ext/eventcart/info.xml
+++ b/civicrm/ext/eventcart/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-03</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/ewaysingle/info.xml b/civicrm/ext/ewaysingle/info.xml
index fcba52f50f1c4837fd38d8213602620b046fa92d..5427e196742d91acfe1cbdcd8885e43de5ce5c9f 100644
--- a/civicrm/ext/ewaysingle/info.xml
+++ b/civicrm/ext/ewaysingle/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-07</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/financialacls/info.xml b/civicrm/ext/financialacls/info.xml
index 97b552edd80fbfc6f0a32947e5cc2e6ae8124362..d9ec7fc3c185bb7510c1d31f80b419e4dd96ef51 100644
--- a/civicrm/ext/financialacls/info.xml
+++ b/civicrm/ext/financialacls/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-27</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/flexmailer/info.xml b/civicrm/ext/flexmailer/info.xml
index 3da53d14e019fc9648ee0878b89eb9efd10f4743..fb8dd2b138566782b5bca3e693c49a0db2af6fdf 100644
--- a/civicrm/ext/flexmailer/info.xml
+++ b/civicrm/ext/flexmailer/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-05</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<comments>
FlexMailer is an email delivery engine which replaces the internal guts
diff --git a/civicrm/ext/greenwich/info.xml b/civicrm/ext/greenwich/info.xml
index 7fd9defbdc3eff6e4f3da0f28b2a2f85b1380713..c47a3b0d08664ce925af0f2be9b8ccf49e1f4104 100644
--- a/civicrm/ext/greenwich/info.xml
+++ b/civicrm/ext/greenwich/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-07-21</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/legacycustomsearches/info.xml b/civicrm/ext/legacycustomsearches/info.xml
index 5c8a7bb014014ba4eb83aafb1f97dacf5a2c4501..91561692d7e77c17b41e89016efdee8d376610b2 100644
--- a/civicrm/ext/legacycustomsearches/info.xml
+++ b/civicrm/ext/legacycustomsearches/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-07-25</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<tags>
<tag>mgmt:hidden</tag>
diff --git a/civicrm/ext/message_admin/info.xml b/civicrm/ext/message_admin/info.xml
index f7f8a6512d8b8b596ab9c8579fa3c78f7ed141c9..55a6aad6b9137e6cf87c1f6306fe0ee94c6dedb5 100644
--- a/civicrm/ext/message_admin/info.xml
+++ b/civicrm/ext/message_admin/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-06-12</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/oauth-client/info.xml b/civicrm/ext/oauth-client/info.xml
index ac4a42c71c68bd51fefe35e871de28b2b7d87973..9a720a0e873671559bff3e00f57027c3c4545894 100644
--- a/civicrm/ext/oauth-client/info.xml
+++ b/civicrm/ext/oauth-client/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-23</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/payflowpro/info.xml b/civicrm/ext/payflowpro/info.xml
index c20ad660a37c98e58763e10b6a924b43336966a2..c83829ba93b1e506b536f498d766ab4006339a69 100644
--- a/civicrm/ext/payflowpro/info.xml
+++ b/civicrm/ext/payflowpro/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-04-13</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/recaptcha/info.xml b/civicrm/ext/recaptcha/info.xml
index f460860f16af5ae7d4f9e5c30fffe24f3a011c40..9b5da6213934fca411d7c55f79a284e9757b1a4d 100644
--- a/civicrm/ext/recaptcha/info.xml
+++ b/civicrm/ext/recaptcha/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-04-03</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js b/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
index 0d0005ab0907e88fa773b715ad57d64153fbf261..556bc42ab065cdf04088554f5acccca254b35510 100644
--- a/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
+++ b/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
@@ -15,7 +15,7 @@
action: 'update',
select: ['name', 'label', 'description', 'input_type', 'data_type', 'serialize', 'options', 'fk_entity', 'nullable'],
loadOptions: ['id', 'name', 'label', 'description', 'color', 'icon'],
- where: [['deprecated', '=', FALSE], ["readonly", "=", false]],
+ where: [['deprecated', '=', false], ["readonly", "=", false]],
}).then(function(fields) {
ctrl.fields = fields;
});
diff --git a/civicrm/ext/search_kit/info.xml b/civicrm/ext/search_kit/info.xml
index 7c040eed2549503ccbb0f824781c1b65f8fa5cf3..5ab6e94529787900e13472390755d500fa11dac8 100644
--- a/civicrm/ext/search_kit/info.xml
+++ b/civicrm/ext/search_kit/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-01-06</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<tags>
<tag>mgmt:required</tag>
diff --git a/civicrm/ext/sequentialcreditnotes/info.xml b/civicrm/ext/sequentialcreditnotes/info.xml
index 68ba37e3bc9346bfed72e35ab3e9bd9ad03ba795..1c9f1dbe368612fb504609e1923ba0dc943ca842 100644
--- a/civicrm/ext/sequentialcreditnotes/info.xml
+++ b/civicrm/ext/sequentialcreditnotes/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-28</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/release-notes.md b/civicrm/release-notes.md
index 2f03eff17df081f789fec5a6f143bfe7087e9f99..2a2b32fd74a9017dfe465db42a0ed53f85486e1e 100644
--- a/civicrm/release-notes.md
+++ b/civicrm/release-notes.md
@@ -15,6 +15,15 @@ Other resources for identifying changes are:
* https://github.com/civicrm/civicrm-joomla
* https://github.com/civicrm/civicrm-wordpress
+## CiviCRM 5.57.1
+
+Released January 12, 2023
+
+- **[Synopsis](release-notes/5.57.1.md#synopsis)**
+- **[Bugs resolved](release-notes/5.57.1.md#bugs)**
+- **[Credits](release-notes/5.57.1.md#credits)**
+- **[Feedback](release-notes/5.57.1.md#feedback)**
+
## CiviCRM 5.57.0
Released January 4, 2023
diff --git a/civicrm/release-notes/5.57.0.md b/civicrm/release-notes/5.57.0.md
index 6ce27d6609bdaa19802a71ed4543e993e0c7fb03..4bdc17ccb75974c925fbf8d17751d03bc8c21d9a 100644
--- a/civicrm/release-notes/5.57.0.md
+++ b/civicrm/release-notes/5.57.0.md
@@ -14,7 +14,6 @@ Released January 4, 2023
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
-| Fix security vulnerabilities? | no |
| **Change the database schema?** | **yes** |
| **Alter the API?** | **yes** |
| **Require attention to configuration options?** | **yes** |
@@ -23,7 +22,7 @@ Released January 4, 2023
| **Fix bugs?** | **yes** |
| **Fix security vulnerabilities?** | **yes** |
-## <a name=""security""></a>Security advisories
+## <a name="security"></a>Security advisories
* **[CIVI-SA-2023-01](https://civicrm.org/advisory/civi-sa-2023-01-help-subsystem-rce): RCE via Help Subsystem**
* **[CIVI-SA-2023-02](https://civicrm.org/advisory/civi-sa-2023-02-civievent-xss): XSS via CiviEvent**
diff --git a/civicrm/release-notes/5.57.1.md b/civicrm/release-notes/5.57.1.md
new file mode 100644
index 0000000000000000000000000000000000000000..c306168cab3c971f8d2db0f739c06d6b39097ee2
--- /dev/null
+++ b/civicrm/release-notes/5.57.1.md
@@ -0,0 +1,44 @@
+# CiviCRM 5.57.1
+
+Released January 12, 2023
+
+- **[Synopsis](#synopsis)**
+- **[Bugs resolved](#bugs)**
+- **[Credits](#credits)**
+- **[Feedback](#feedback)**
+
+## <a name="synopsis"></a>Synopsis
+
+| *Does this version...?* | |
+| --------------------------------------------------------------- | -------- |
+| Change the database schema? | no |
+| Alter the API? | no |
+| **Require attention to configuration options?** | **yes** |
+| Fix problems installing or upgrading to a previous version? | no |
+| Introduce features? | no |
+| **Fix bugs?** | **yes** |
+| Fix security vulnerabilities? | no |
+
+## <a name="bugs"></a>Bugs resolved
+
+* **_Asset Builder_: Fix testInvalid() failure. Switch to JWT. ([#25305](https://github.com/civicrm/civicrm-core/pull/25305))**
+* **_CiviContribute_: Listing fails when line-item title is null ([#25300](https://github.com/civicrm/civicrm-core/pull/25300))**
+* **_Joomla_: Restore `cv` compatibility with Joomla 3.x ([dev/core#4060](https://lab.civicrm.org/dev/core/-/issues/4060): [#25306](https://github.com/civicrm/civicrm-core/pull/25306))**
+* **_Search Kit_: Fix "Update" task ([#25289](https://github.com/civicrm/civicrm-core/pull/25289))**
+* **_Status Check_: Raise severity of warning about signing-keys ([#25285](https://github.com/civicrm/civicrm-core/pull/25285))**
+
+ The configuration option `CIVICRM_SIGN_KEYS` has been elevated from "Recommended" to "Required". If not already configured, you may see a prompt to [configure CIVICRM_SIGN_KEYS](https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/).
+
+## <a name="credits"></a>Credits
+
+This release was developed by the following authors and reviewers:
+
+Wikimedia Foundation - Eileen McNaughton; Squiffle Consulting - Aidan Saunders; Lighthouse
+Consulting and Design - Brian Shaughnessy; JMA Consulting - Monish Deb, Seamus Lee; Dave
+D; CiviCRM - Coleman Watts, Tim Otten; Artful Robot - Rich Lott
+
+## <a name="feedback"></a>Feedback
+
+These release notes are edited by Tim Otten and Andie Hunt. If you'd like to
+provide feedback on them, please login to https://chat.civicrm.org/civicrm and
+contact `@agh1`.
diff --git a/civicrm/sql/civicrm_data.mysql b/civicrm/sql/civicrm_data.mysql
index a5a372dca2e7167571b4173040ae220db90221b9..c29adf4623eb3a233e9ba7d7bb40a71911408e24 100644
--- a/civicrm/sql/civicrm_data.mysql
+++ b/civicrm/sql/civicrm_data.mysql
@@ -23654,4 +23654,4 @@ INSERT INTO `civicrm_report_instance`
( `domain_id`, `title`, `report_id`, `description`, `permission`, `form_values`)
VALUES
( @domainID, 'Survey Details', 'survey/detail', 'Detailed report for canvassing, phone-banking, walk lists or other surveys.', 'access CiviReport', 'a:39:{s:6:"fields";a:2:{s:9:"sort_name";s:1:"1";s:6:"result";s:1:"1";}s:22:"assignee_contact_id_op";s:2:"eq";s:25:"assignee_contact_id_value";s:0:"";s:12:"sort_name_op";s:3:"has";s:15:"sort_name_value";s:0:"";s:17:"street_number_min";s:0:"";s:17:"street_number_max";s:0:"";s:16:"street_number_op";s:3:"lte";s:19:"street_number_value";s:0:"";s:14:"street_name_op";s:3:"has";s:17:"street_name_value";s:0:"";s:15:"postal_code_min";s:0:"";s:15:"postal_code_max";s:0:"";s:14:"postal_code_op";s:3:"lte";s:17:"postal_code_value";s:0:"";s:7:"city_op";s:3:"has";s:10:"city_value";s:0:"";s:20:"state_province_id_op";s:2:"in";s:23:"state_province_id_value";a:0:{}s:13:"country_id_op";s:2:"in";s:16:"country_id_value";a:0:{}s:12:"survey_id_op";s:2:"in";s:15:"survey_id_value";a:0:{}s:12:"status_id_op";s:2:"eq";s:15:"status_id_value";s:1:"1";s:11:"custom_1_op";s:2:"in";s:14:"custom_1_value";a:0:{}s:11:"custom_2_op";s:2:"in";s:14:"custom_2_value";a:0:{}s:17:"custom_3_relative";s:1:"0";s:13:"custom_3_from";s:0:"";s:11:"custom_3_to";s:0:"";s:11:"description";s:75:"Detailed report for canvassing, phone-banking, walk lists or other surveys.";s:13:"email_subject";s:0:"";s:8:"email_to";s:0:"";s:8:"email_cc";s:0:"";s:10:"permission";s:17:"access CiviReport";s:6:"groups";s:0:"";s:9:"domain_id";i:1;}');
-UPDATE civicrm_domain SET version = '5.57.0';
+UPDATE civicrm_domain SET version = '5.57.1';
diff --git a/civicrm/sql/civicrm_generated.mysql b/civicrm/sql/civicrm_generated.mysql
index 434d545bad407b5f0695b876d7bdcc24ec5bf4d2..e5435b1b1fbfbd37f06f130a9b92b68d4665b1c4 100644
--- a/civicrm/sql/civicrm_generated.mysql
+++ b/civicrm/sql/civicrm_generated.mysql
@@ -3056,7 +3056,7 @@ UNLOCK TABLES;
LOCK TABLES `civicrm_domain` WRITE;
/*!40000 ALTER TABLE `civicrm_domain` DISABLE KEYS */;
INSERT INTO `civicrm_domain` (`id`, `name`, `description`, `version`, `contact_id`, `locales`, `locale_custom_strings`) VALUES
- (1,'Default Domain Name',NULL,'5.57.0',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
+ (1,'Default Domain Name',NULL,'5.57.1',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
/*!40000 ALTER TABLE `civicrm_domain` ENABLE KEYS */;
UNLOCK TABLES;
diff --git a/civicrm/vendor/autoload.php b/civicrm/vendor/autoload.php
index 0ce4e8ba12f20f6c61e87f798206a01ce2d334b5..2c27cd7d1f82fe5b3b4d243b382f1a6439036d40 100644
--- a/civicrm/vendor/autoload.php
+++ b/civicrm/vendor/autoload.php
@@ -4,4 +4,4 @@
require_once __DIR__ . '/composer/autoload_real.php';
-return ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b::getLoader();
+return ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64::getLoader();
diff --git a/civicrm/vendor/composer/autoload_real.php b/civicrm/vendor/composer/autoload_real.php
index a33b5b8af467a4d7e2ecd498d13027bd3a95046a..bcfb5bd97b1063ad624e6f0a5dff62151052466d 100644
--- a/civicrm/vendor/composer/autoload_real.php
+++ b/civicrm/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
// autoload_real.php @generated by Composer
-class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
+class ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64
{
private static $loader;
@@ -24,9 +24,9 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
require __DIR__ . '/platform_check.php';
- spl_autoload_register(array('ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b', 'loadClassLoader'), true, true);
+ spl_autoload_register(array('ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64', 'loadClassLoader'), true, true);
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
- spl_autoload_unregister(array('ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b', 'loadClassLoader'));
+ spl_autoload_unregister(array('ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64', 'loadClassLoader'));
$includePaths = require __DIR__ . '/include_paths.php';
$includePaths[] = get_include_path();
@@ -36,7 +36,7 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
if ($useStaticLoader) {
require __DIR__ . '/autoload_static.php';
- call_user_func(\Composer\Autoload\ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::getInitializer($loader));
+ call_user_func(\Composer\Autoload\ComposerStaticInit33b931cc9909fb98223956c347efaa64::getInitializer($loader));
} else {
$map = require __DIR__ . '/autoload_namespaces.php';
foreach ($map as $namespace => $path) {
@@ -57,12 +57,12 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
$loader->register(true);
if ($useStaticLoader) {
- $includeFiles = Composer\Autoload\ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$files;
+ $includeFiles = Composer\Autoload\ComposerStaticInit33b931cc9909fb98223956c347efaa64::$files;
} else {
$includeFiles = require __DIR__ . '/autoload_files.php';
}
foreach ($includeFiles as $fileIdentifier => $file) {
- composerRequire332dc1086b4b914c5f8107e66f69267b($fileIdentifier, $file);
+ composerRequire33b931cc9909fb98223956c347efaa64($fileIdentifier, $file);
}
return $loader;
@@ -74,7 +74,7 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
* @param string $file
* @return void
*/
-function composerRequire332dc1086b4b914c5f8107e66f69267b($fileIdentifier, $file)
+function composerRequire33b931cc9909fb98223956c347efaa64($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
diff --git a/civicrm/vendor/composer/autoload_static.php b/civicrm/vendor/composer/autoload_static.php
index ca141f3b1c5393c7133886f2d8a6453e295a1109..3047378057c65b3b0ff496387cc4d3e41cafbcbb 100644
--- a/civicrm/vendor/composer/autoload_static.php
+++ b/civicrm/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
namespace Composer\Autoload;
-class ComposerStaticInit332dc1086b4b914c5f8107e66f69267b
+class ComposerStaticInit33b931cc9909fb98223956c347efaa64
{
public static $files = array (
'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
@@ -738,11 +738,11 @@ class ComposerStaticInit332dc1086b4b914c5f8107e66f69267b
public static function getInitializer(ClassLoader $loader)
{
return \Closure::bind(function () use ($loader) {
- $loader->prefixLengthsPsr4 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixLengthsPsr4;
- $loader->prefixDirsPsr4 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixDirsPsr4;
- $loader->prefixesPsr0 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixesPsr0;
- $loader->fallbackDirsPsr0 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$fallbackDirsPsr0;
- $loader->classMap = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$classMap;
+ $loader->prefixLengthsPsr4 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixLengthsPsr4;
+ $loader->prefixDirsPsr4 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixDirsPsr4;
+ $loader->prefixesPsr0 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixesPsr0;
+ $loader->fallbackDirsPsr0 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$fallbackDirsPsr0;
+ $loader->classMap = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$classMap;
}, null, ClassLoader::class);
}
diff --git a/civicrm/vendor/composer/include_paths.php b/civicrm/vendor/composer/include_paths.php
index a9e5095a28125439047659e648a7cc0a2c6c171f..189ce0e9b6cf55031ce76c58174cb9f3eb050687 100644
--- a/civicrm/vendor/composer/include_paths.php
+++ b/civicrm/vendor/composer/include_paths.php
@@ -7,8 +7,8 @@ $baseDir = dirname($vendorDir);
return array(
$vendorDir . '/tecnickcom',
- $vendorDir . '/pear/auth_sasl',
$vendorDir . '/pear/pear_exception',
+ $vendorDir . '/pear/auth_sasl',
$vendorDir . '/pear/console_getopt',
$vendorDir . '/pear/pear-core-minimal/src',
$vendorDir . '/pear/db',
diff --git a/civicrm/vendor/composer/installed.php b/civicrm/vendor/composer/installed.php
index d5f66d42a8ce5640c53063b155047da8554d0fb6..5c942d443372279bbaca8f83fcae88337ec513ee 100644
--- a/civicrm/vendor/composer/installed.php
+++ b/civicrm/vendor/composer/installed.php
@@ -5,7 +5,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
- 'reference' => 'c201aeb3f7d75a32161bee17873922c3c9a88a6b',
+ 'reference' => 'c8c56978a794cbe0a83cc13199281c6423b93c0a',
'name' => 'civicrm/civicrm-core',
'dev' => true,
),
@@ -61,7 +61,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
- 'reference' => 'c201aeb3f7d75a32161bee17873922c3c9a88a6b',
+ 'reference' => 'c8c56978a794cbe0a83cc13199281c6423b93c0a',
'dev_requirement' => false,
),
'civicrm/civicrm-cxn-rpc' => array(
diff --git a/civicrm/xml/version.xml b/civicrm/xml/version.xml
index f0594fbb124a00ca5bc1f792039e8c9ab3aaaa45..fb6db02f7d62636fb166af93856a988fd04f2aa9 100644
--- a/civicrm/xml/version.xml
+++ b/civicrm/xml/version.xml
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="iso-8859-1" ?>
<version>
- <version_no>5.57.0</version_no>
+ <version_no>5.57.1</version_no>
</version>