From f0c754fd5b7d0bb82b86a3d4c15ff480427bfaf1 Mon Sep 17 00:00:00 2001
From: Kevin Cristiano <kcristiano@kcristiano.com>
Date: Thu, 12 Jan 2023 07:06:42 -0500
Subject: [PATCH] civicrm release-5.57.1
---
civicrm.php | 4 +-
civicrm/CRM/Financial/BAO/Order.php | 2 +-
.../CRM/Utils/Check/Component/Security.php | 6 +-
civicrm/CRM/Utils/Hook/Joomla.php | 3 +
civicrm/Civi/Core/AssetBuilder.php | 55 +++----------------
civicrm/Civi/Crypto/CryptoRegistry.php | 30 +++++++++-
civicrm/civicrm-version.php | 2 +-
civicrm/ext/afform/admin/info.xml | 2 +-
civicrm/ext/afform/core/info.xml | 2 +-
civicrm/ext/afform/html/info.xml | 2 +-
civicrm/ext/afform/mock/info.xml | 2 +-
civicrm/ext/authx/info.xml | 2 +-
civicrm/ext/civicrm_admin_ui/info.xml | 2 +-
civicrm/ext/civigrant/info.xml | 2 +-
civicrm/ext/civiimport/info.xml | 2 +-
civicrm/ext/ckeditor4/info.xml | 2 +-
.../ext/contributioncancelactions/info.xml | 2 +-
civicrm/ext/elavon/info.xml | 2 +-
civicrm/ext/eventcart/info.xml | 2 +-
civicrm/ext/ewaysingle/info.xml | 2 +-
civicrm/ext/financialacls/info.xml | 2 +-
civicrm/ext/flexmailer/info.xml | 2 +-
civicrm/ext/greenwich/info.xml | 2 +-
civicrm/ext/legacycustomsearches/info.xml | 2 +-
civicrm/ext/message_admin/info.xml | 2 +-
civicrm/ext/oauth-client/info.xml | 2 +-
civicrm/ext/payflowpro/info.xml | 2 +-
civicrm/ext/recaptcha/info.xml | 2 +-
.../crmSearchTaskUpdate.ctrl.js | 2 +-
civicrm/ext/search_kit/info.xml | 2 +-
civicrm/ext/sequentialcreditnotes/info.xml | 2 +-
civicrm/release-notes.md | 9 +++
civicrm/release-notes/5.57.0.md | 3 +-
civicrm/release-notes/5.57.1.md | 44 +++++++++++++++
civicrm/sql/civicrm_data.mysql | 2 +-
civicrm/sql/civicrm_generated.mysql | 2 +-
civicrm/vendor/autoload.php | 2 +-
civicrm/vendor/composer/autoload_real.php | 14 ++---
civicrm/vendor/composer/autoload_static.php | 12 ++--
civicrm/vendor/composer/include_paths.php | 2 +-
civicrm/vendor/composer/installed.php | 4 +-
civicrm/xml/version.xml | 2 +-
42 files changed, 145 insertions(+), 101 deletions(-)
create mode 100644 civicrm/release-notes/5.57.1.md
diff --git a/civicrm.php b/civicrm.php
index 6dabe4c6c8..a7b7be332b 100644
--- a/civicrm.php
+++ b/civicrm.php
@@ -2,7 +2,7 @@
/**
* Plugin Name: CiviCRM
* Description: CiviCRM - Growing and Sustaining Relationships
- * Version: 5.57.0
+ * Version: 5.57.1
* Requires at least: 4.9
* Requires PHP: 7.2
* Author: CiviCRM LLC
@@ -36,7 +36,7 @@ if (!defined('ABSPATH')) {
}
// Set version here: changing it forces Javascript and CSS to reload.
-define('CIVICRM_PLUGIN_VERSION', '5.57.0');
+define('CIVICRM_PLUGIN_VERSION', '5.57.1');
// Store reference to this file.
if (!defined('CIVICRM_PLUGIN_FILE')) {
diff --git a/civicrm/CRM/Financial/BAO/Order.php b/civicrm/CRM/Financial/BAO/Order.php
index f1ed6c04da..8e922722bf 100644
--- a/civicrm/CRM/Financial/BAO/Order.php
+++ b/civicrm/CRM/Financial/BAO/Order.php
@@ -1246,7 +1246,7 @@ class CRM_Financial_BAO_Order {
$lineItemTitle .= ' ' . CRM_Utils_String::ellipsify($description, 30);
}
}
- return $lineItemTitle;
+ return $lineItemTitle ?? '';
}
}
diff --git a/civicrm/CRM/Utils/Check/Component/Security.php b/civicrm/CRM/Utils/Check/Component/Security.php
index f449a09518..f4852db380 100644
--- a/civicrm/CRM/Utils/Check/Component/Security.php
+++ b/civicrm/CRM/Utils/Check/Component/Security.php
@@ -210,11 +210,11 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
if (!$found) {
$messages[] = new CRM_Utils_Check_Message(
__FUNCTION__,
- ts('Some components and extensions may need to generate cryptographic signatures. Please configure <a %1>CIVICRM_SIGN_KEYS</a>. ',
+ ts('The system requires a cryptographic signing key. Please configure <a %1>CIVICRM_SIGN_KEYS</a>. ',
[1 => 'href="https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/" target="_blank"']
),
- ts('Signing Key Recommended'),
- \Psr\Log\LogLevel::NOTICE,
+ ts('Signing Key Required'),
+ \Psr\Log\LogLevel::ERROR,
'fa-lock'
);
}
diff --git a/civicrm/CRM/Utils/Hook/Joomla.php b/civicrm/CRM/Utils/Hook/Joomla.php
index e844c4abbb..4f95215cd6 100644
--- a/civicrm/CRM/Utils/Hook/Joomla.php
+++ b/civicrm/CRM/Utils/Hook/Joomla.php
@@ -73,6 +73,9 @@ class CRM_Utils_Hook_Joomla extends CRM_Utils_Hook {
if (version_compare(JVERSION, '3.0', 'lt')) {
$app = JCli::getInstance();
}
+ elseif (version_compare(JVERSION, '4.0', 'lt')) {
+ $app = JApplicationCli::getInstance();
+ }
else {
$app = \Joomla\CMS\Factory::getApplication();
}
diff --git a/civicrm/Civi/Core/AssetBuilder.php b/civicrm/Civi/Core/AssetBuilder.php
index e723525ff1..69a4a57d78 100644
--- a/civicrm/Civi/Core/AssetBuilder.php
+++ b/civicrm/Civi/Core/AssetBuilder.php
@@ -138,9 +138,14 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
}
else {
return \CRM_Utils_System::url('civicrm/asset/builder', [
+ // The 'an' and 'ad' provide hints for cache lifespan and debugging/inspection.
'an' => $name,
- 'ap' => $this->encode($params),
'ad' => $this->digest($name, $params),
+ 'aj' => \Civi::service('crypto.jwt')->encode([
+ 'asset' => [$name, $params],
+ 'exp' => 86400 * (floor(\CRM_Utils_Time::time() / 86400) + 2),
+ // Caching-friendly TTL -- We want the URL to be stable for a decent amount of time.
+ ], ['SIGN', 'WEAK_SIGN']),
], TRUE, NULL, FALSE);
}
}
@@ -281,7 +286,6 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
* @return string
*/
protected function digest($name, $params) {
- // WISHLIST: For secure digest, generate+persist privatekey & call hash_hmac.
ksort($params);
$digest = md5(
$name .
@@ -292,40 +296,6 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
return $digest;
}
- /**
- * Encode $params in a format that's optimized for shorter URLs.
- *
- * @param array $params
- * @return string
- */
- protected function encode($params) {
- if (empty($params)) {
- return '';
- }
-
- $str = json_encode($params);
- if (function_exists('gzdeflate')) {
- $str = gzdeflate($str);
- }
- return base64_encode($str);
- }
-
- /**
- * @param string $str
- * @return array
- */
- protected function decode($str) {
- if ($str === NULL || $str === FALSE || $str === '') {
- return [];
- }
-
- $str = base64_decode($str);
- if (function_exists('gzdeflate')) {
- $str = gzinflate($str);
- }
- return json_decode($str, TRUE);
- }
-
/**
* @return bool
*/
@@ -372,16 +342,9 @@ class AssetBuilder extends \Civi\Core\Service\AutoService {
/** @var Assetbuilder $assets */
$assets = \Civi::service('asset_builder');
- $expectDigest = $assets->digest($get['an'], $assets->decode($get['ap']));
- if ($expectDigest !== $get['ad']) {
- return [
- 'statusCode' => 500,
- 'mimeType' => 'text/plain',
- 'content' => 'Invalid digest',
- ];
- }
-
- return $assets->render($get['an'], $assets->decode($get['ap']));
+ $obj = \Civi::service('crypto.jwt')->decode($get['aj'], ['SIGN', 'WEAK_SIGN']);
+ $arr = json_decode(json_encode($obj), TRUE);
+ return $assets->render($arr['asset'][0], $arr['asset'][1]);
}
catch (UnknownAssetException $e) {
return [
diff --git a/civicrm/Civi/Crypto/CryptoRegistry.php b/civicrm/Civi/Crypto/CryptoRegistry.php
index 0ae3d1afd2..b45927c8fc 100644
--- a/civicrm/Civi/Crypto/CryptoRegistry.php
+++ b/civicrm/Civi/Crypto/CryptoRegistry.php
@@ -84,6 +84,31 @@ class CryptoRegistry {
$registry->addSymmetricKey($registry->parseKey($keyExpr) + $key);
}
}
+ else {
+ // If you are upgrading an old site that does not have a signing key, then there is a status-check advising you to fix it.
+ // But apparently the current site hasn't fixed it yet. The UI+AssetBuilder need to work long enough for sysadmin to discover/resolve.
+ // This fallback is sufficient for short-term usage in limited scenarios (AssetBuilder=>OK; AuthX=>No).
+ // In a properly configured system, the WEAK_SIGN key is strictly unavailable - s.t. a normal site never uses WEAK_SIGN.
+ $registry->addSymmetricKey([
+ 'tags' => ['WEAK_SIGN'],
+ 'suite' => 'jwt-hs256',
+ 'key' => hash_hkdf('sha256',
+ json_encode([
+ // DSN's and site-keys should usually be sufficient, but it's not strongly guaranteed,
+ // so we'll toss in more spaghetti. (At a minimum, this should mitigate bots/crawlers.)
+ \CRM_Utils_Constant::value('CIVICRM_DSN'),
+ \CRM_Utils_Constant::value('CIVICRM_UF_DSN'),
+ \CRM_Utils_Constant::value('CIVICRM_SITE_KEY') ?: $GLOBALS['civicrm_root'],
+ \CRM_Utils_Constant::value('CIVICRM_UF_BASEURL'),
+ \CRM_Utils_Constant::value('CIVICRM_DB_CACHE_PASSWORD'),
+ \CRM_Utils_System::getSiteID(),
+ \CRM_Utils_System::version(),
+ \CRM_Core_Config::singleton()->userSystem->getVersion(),
+ $_SERVER['HTTP_HOST'] ?? '',
+ ])
+ ),
+ ]);
+ }
//if (isset($_COOKIE['CIVICRM_FORM_KEY'])) {
// $crypto->addSymmetricKey([
@@ -243,14 +268,15 @@ class CryptoRegistry {
/**
* Find all the keys that apply to a tag.
*
- * @param string $keyTag
+ * @param string|string[] $keyTag
*
* @return array
* List of keys, indexed by id, ordered by weight.
*/
public function findKeysByTag($keyTag) {
+ $keyTag = (array) $keyTag;
$keys = array_filter($this->keys, function ($key) use ($keyTag) {
- return in_array($keyTag, $key['tags'] ?? []);
+ return !empty(array_intersect($keyTag, $key['tags'] ?? []));
});
uasort($keys, function($a, $b) {
return ($a['weight'] ?? 0) - ($b['weight'] ?? 0);
diff --git a/civicrm/civicrm-version.php b/civicrm/civicrm-version.php
index 807111060f..b353ae531d 100644
--- a/civicrm/civicrm-version.php
+++ b/civicrm/civicrm-version.php
@@ -1,7 +1,7 @@
<?php
/** @deprecated */
function civicrmVersion( ) {
- return array( 'version' => '5.57.0',
+ return array( 'version' => '5.57.1',
'cms' => 'Wordpress',
'revision' => '' );
}
diff --git a/civicrm/ext/afform/admin/info.xml b/civicrm/ext/afform/admin/info.xml
index 895a4c8792..0f8f8f4234 100644
--- a/civicrm/ext/afform/admin/info.xml
+++ b/civicrm/ext/afform/admin/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>beta</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/core/info.xml b/civicrm/ext/afform/core/info.xml
index 15319db3fe..434f5154b4 100644
--- a/civicrm/ext/afform/core/info.xml
+++ b/civicrm/ext/afform/core/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>beta</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/html/info.xml b/civicrm/ext/afform/html/info.xml
index 73270f368d..1cb4104bf0 100644
--- a/civicrm/ext/afform/html/info.xml
+++ b/civicrm/ext/afform/html/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/afform/mock/info.xml b/civicrm/ext/afform/mock/info.xml
index 347828c94c..c7172e0e00 100644
--- a/civicrm/ext/afform/mock/info.xml
+++ b/civicrm/ext/afform/mock/info.xml
@@ -12,7 +12,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-09</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/authx/info.xml b/civicrm/ext/authx/info.xml
index 6ca24cc94f..ed50b21a08 100644
--- a/civicrm/ext/authx/info.xml
+++ b/civicrm/ext/authx/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-02-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civicrm_admin_ui/info.xml b/civicrm/ext/civicrm_admin_ui/info.xml
index 54447576c0..55f2a8b851 100644
--- a/civicrm/ext/civicrm_admin_ui/info.xml
+++ b/civicrm/ext/civicrm_admin_ui/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-01-02</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civigrant/info.xml b/civicrm/ext/civigrant/info.xml
index 7af1158ee1..2c23e04151 100644
--- a/civicrm/ext/civigrant/info.xml
+++ b/civicrm/ext/civigrant/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-11-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/civiimport/info.xml b/civicrm/ext/civiimport/info.xml
index b806c3e365..db18283937 100644
--- a/civicrm/ext/civiimport/info.xml
+++ b/civicrm/ext/civiimport/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-08-11</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/ckeditor4/info.xml b/civicrm/ext/ckeditor4/info.xml
index 36a23fff39..859494e6aa 100644
--- a/civicrm/ext/ckeditor4/info.xml
+++ b/civicrm/ext/ckeditor4/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">https://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-05-23</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/contributioncancelactions/info.xml b/civicrm/ext/contributioncancelactions/info.xml
index 29e9041ca4..71fd534f45 100644
--- a/civicrm/ext/contributioncancelactions/info.xml
+++ b/civicrm/ext/contributioncancelactions/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-12</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/elavon/info.xml b/civicrm/ext/elavon/info.xml
index f27a8f977e..f2261f2de8 100644
--- a/civicrm/ext/elavon/info.xml
+++ b/civicrm/ext/elavon/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2022-08-05</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/eventcart/info.xml b/civicrm/ext/eventcart/info.xml
index d658ea8b42..a914ff700c 100644
--- a/civicrm/ext/eventcart/info.xml
+++ b/civicrm/ext/eventcart/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-03</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/ewaysingle/info.xml b/civicrm/ext/ewaysingle/info.xml
index fcba52f50f..5427e19674 100644
--- a/civicrm/ext/ewaysingle/info.xml
+++ b/civicrm/ext/ewaysingle/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-07</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/financialacls/info.xml b/civicrm/ext/financialacls/info.xml
index 97b552edd8..d9ec7fc3c1 100644
--- a/civicrm/ext/financialacls/info.xml
+++ b/civicrm/ext/financialacls/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-27</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/flexmailer/info.xml b/civicrm/ext/flexmailer/info.xml
index 3da53d14e0..fb8dd2b138 100644
--- a/civicrm/ext/flexmailer/info.xml
+++ b/civicrm/ext/flexmailer/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-08-05</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<comments>
FlexMailer is an email delivery engine which replaces the internal guts
diff --git a/civicrm/ext/greenwich/info.xml b/civicrm/ext/greenwich/info.xml
index 7fd9defbdc..c47a3b0d08 100644
--- a/civicrm/ext/greenwich/info.xml
+++ b/civicrm/ext/greenwich/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-07-21</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/legacycustomsearches/info.xml b/civicrm/ext/legacycustomsearches/info.xml
index 5c8a7bb014..91561692d7 100644
--- a/civicrm/ext/legacycustomsearches/info.xml
+++ b/civicrm/ext/legacycustomsearches/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-07-25</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<tags>
<tag>mgmt:hidden</tag>
diff --git a/civicrm/ext/message_admin/info.xml b/civicrm/ext/message_admin/info.xml
index f7f8a6512d..55a6aad6b9 100644
--- a/civicrm/ext/message_admin/info.xml
+++ b/civicrm/ext/message_admin/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-06-12</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>alpha</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/oauth-client/info.xml b/civicrm/ext/oauth-client/info.xml
index ac4a42c71c..9a720a0e87 100644
--- a/civicrm/ext/oauth-client/info.xml
+++ b/civicrm/ext/oauth-client/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-10-23</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/payflowpro/info.xml b/civicrm/ext/payflowpro/info.xml
index c20ad660a3..c83829ba93 100644
--- a/civicrm/ext/payflowpro/info.xml
+++ b/civicrm/ext/payflowpro/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-04-13</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<compatibility>
<ver>5.57</ver>
diff --git a/civicrm/ext/recaptcha/info.xml b/civicrm/ext/recaptcha/info.xml
index f460860f16..9b5da62139 100644
--- a/civicrm/ext/recaptcha/info.xml
+++ b/civicrm/ext/recaptcha/info.xml
@@ -13,7 +13,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-04-03</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js b/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
index 0d0005ab09..556bc42ab0 100644
--- a/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
+++ b/civicrm/ext/search_kit/ang/crmSearchTasks/crmSearchTaskUpdate.ctrl.js
@@ -15,7 +15,7 @@
action: 'update',
select: ['name', 'label', 'description', 'input_type', 'data_type', 'serialize', 'options', 'fk_entity', 'nullable'],
loadOptions: ['id', 'name', 'label', 'description', 'color', 'icon'],
- where: [['deprecated', '=', FALSE], ["readonly", "=", false]],
+ where: [['deprecated', '=', false], ["readonly", "=", false]],
}).then(function(fields) {
ctrl.fields = fields;
});
diff --git a/civicrm/ext/search_kit/info.xml b/civicrm/ext/search_kit/info.xml
index 7c040eed25..5ab6e94529 100644
--- a/civicrm/ext/search_kit/info.xml
+++ b/civicrm/ext/search_kit/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2021-01-06</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<develStage>stable</develStage>
<tags>
<tag>mgmt:required</tag>
diff --git a/civicrm/ext/sequentialcreditnotes/info.xml b/civicrm/ext/sequentialcreditnotes/info.xml
index 68ba37e3bc..1c9f1dbe36 100644
--- a/civicrm/ext/sequentialcreditnotes/info.xml
+++ b/civicrm/ext/sequentialcreditnotes/info.xml
@@ -15,7 +15,7 @@
<url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
</urls>
<releaseDate>2020-01-28</releaseDate>
- <version>5.57.0</version>
+ <version>5.57.1</version>
<tags>
<tag>mgmt:hidden</tag>
</tags>
diff --git a/civicrm/release-notes.md b/civicrm/release-notes.md
index 2f03eff17d..2a2b32fd74 100644
--- a/civicrm/release-notes.md
+++ b/civicrm/release-notes.md
@@ -15,6 +15,15 @@ Other resources for identifying changes are:
* https://github.com/civicrm/civicrm-joomla
* https://github.com/civicrm/civicrm-wordpress
+## CiviCRM 5.57.1
+
+Released January 12, 2023
+
+- **[Synopsis](release-notes/5.57.1.md#synopsis)**
+- **[Bugs resolved](release-notes/5.57.1.md#bugs)**
+- **[Credits](release-notes/5.57.1.md#credits)**
+- **[Feedback](release-notes/5.57.1.md#feedback)**
+
## CiviCRM 5.57.0
Released January 4, 2023
diff --git a/civicrm/release-notes/5.57.0.md b/civicrm/release-notes/5.57.0.md
index 6ce27d6609..4bdc17ccb7 100644
--- a/civicrm/release-notes/5.57.0.md
+++ b/civicrm/release-notes/5.57.0.md
@@ -14,7 +14,6 @@ Released January 4, 2023
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
-| Fix security vulnerabilities? | no |
| **Change the database schema?** | **yes** |
| **Alter the API?** | **yes** |
| **Require attention to configuration options?** | **yes** |
@@ -23,7 +22,7 @@ Released January 4, 2023
| **Fix bugs?** | **yes** |
| **Fix security vulnerabilities?** | **yes** |
-## <a name=""security""></a>Security advisories
+## <a name="security"></a>Security advisories
* **[CIVI-SA-2023-01](https://civicrm.org/advisory/civi-sa-2023-01-help-subsystem-rce): RCE via Help Subsystem**
* **[CIVI-SA-2023-02](https://civicrm.org/advisory/civi-sa-2023-02-civievent-xss): XSS via CiviEvent**
diff --git a/civicrm/release-notes/5.57.1.md b/civicrm/release-notes/5.57.1.md
new file mode 100644
index 0000000000..c306168cab
--- /dev/null
+++ b/civicrm/release-notes/5.57.1.md
@@ -0,0 +1,44 @@
+# CiviCRM 5.57.1
+
+Released January 12, 2023
+
+- **[Synopsis](#synopsis)**
+- **[Bugs resolved](#bugs)**
+- **[Credits](#credits)**
+- **[Feedback](#feedback)**
+
+## <a name="synopsis"></a>Synopsis
+
+| *Does this version...?* | |
+| --------------------------------------------------------------- | -------- |
+| Change the database schema? | no |
+| Alter the API? | no |
+| **Require attention to configuration options?** | **yes** |
+| Fix problems installing or upgrading to a previous version? | no |
+| Introduce features? | no |
+| **Fix bugs?** | **yes** |
+| Fix security vulnerabilities? | no |
+
+## <a name="bugs"></a>Bugs resolved
+
+* **_Asset Builder_: Fix testInvalid() failure. Switch to JWT. ([#25305](https://github.com/civicrm/civicrm-core/pull/25305))**
+* **_CiviContribute_: Listing fails when line-item title is null ([#25300](https://github.com/civicrm/civicrm-core/pull/25300))**
+* **_Joomla_: Restore `cv` compatibility with Joomla 3.x ([dev/core#4060](https://lab.civicrm.org/dev/core/-/issues/4060): [#25306](https://github.com/civicrm/civicrm-core/pull/25306))**
+* **_Search Kit_: Fix "Update" task ([#25289](https://github.com/civicrm/civicrm-core/pull/25289))**
+* **_Status Check_: Raise severity of warning about signing-keys ([#25285](https://github.com/civicrm/civicrm-core/pull/25285))**
+
+ The configuration option `CIVICRM_SIGN_KEYS` has been elevated from "Recommended" to "Required". If not already configured, you may see a prompt to [configure CIVICRM_SIGN_KEYS](https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/).
+
+## <a name="credits"></a>Credits
+
+This release was developed by the following authors and reviewers:
+
+Wikimedia Foundation - Eileen McNaughton; Squiffle Consulting - Aidan Saunders; Lighthouse
+Consulting and Design - Brian Shaughnessy; JMA Consulting - Monish Deb, Seamus Lee; Dave
+D; CiviCRM - Coleman Watts, Tim Otten; Artful Robot - Rich Lott
+
+## <a name="feedback"></a>Feedback
+
+These release notes are edited by Tim Otten and Andie Hunt. If you'd like to
+provide feedback on them, please login to https://chat.civicrm.org/civicrm and
+contact `@agh1`.
diff --git a/civicrm/sql/civicrm_data.mysql b/civicrm/sql/civicrm_data.mysql
index a5a372dca2..c29adf4623 100644
--- a/civicrm/sql/civicrm_data.mysql
+++ b/civicrm/sql/civicrm_data.mysql
@@ -23654,4 +23654,4 @@ INSERT INTO `civicrm_report_instance`
( `domain_id`, `title`, `report_id`, `description`, `permission`, `form_values`)
VALUES
( @domainID, 'Survey Details', 'survey/detail', 'Detailed report for canvassing, phone-banking, walk lists or other surveys.', 'access CiviReport', 'a:39:{s:6:"fields";a:2:{s:9:"sort_name";s:1:"1";s:6:"result";s:1:"1";}s:22:"assignee_contact_id_op";s:2:"eq";s:25:"assignee_contact_id_value";s:0:"";s:12:"sort_name_op";s:3:"has";s:15:"sort_name_value";s:0:"";s:17:"street_number_min";s:0:"";s:17:"street_number_max";s:0:"";s:16:"street_number_op";s:3:"lte";s:19:"street_number_value";s:0:"";s:14:"street_name_op";s:3:"has";s:17:"street_name_value";s:0:"";s:15:"postal_code_min";s:0:"";s:15:"postal_code_max";s:0:"";s:14:"postal_code_op";s:3:"lte";s:17:"postal_code_value";s:0:"";s:7:"city_op";s:3:"has";s:10:"city_value";s:0:"";s:20:"state_province_id_op";s:2:"in";s:23:"state_province_id_value";a:0:{}s:13:"country_id_op";s:2:"in";s:16:"country_id_value";a:0:{}s:12:"survey_id_op";s:2:"in";s:15:"survey_id_value";a:0:{}s:12:"status_id_op";s:2:"eq";s:15:"status_id_value";s:1:"1";s:11:"custom_1_op";s:2:"in";s:14:"custom_1_value";a:0:{}s:11:"custom_2_op";s:2:"in";s:14:"custom_2_value";a:0:{}s:17:"custom_3_relative";s:1:"0";s:13:"custom_3_from";s:0:"";s:11:"custom_3_to";s:0:"";s:11:"description";s:75:"Detailed report for canvassing, phone-banking, walk lists or other surveys.";s:13:"email_subject";s:0:"";s:8:"email_to";s:0:"";s:8:"email_cc";s:0:"";s:10:"permission";s:17:"access CiviReport";s:6:"groups";s:0:"";s:9:"domain_id";i:1;}');
-UPDATE civicrm_domain SET version = '5.57.0';
+UPDATE civicrm_domain SET version = '5.57.1';
diff --git a/civicrm/sql/civicrm_generated.mysql b/civicrm/sql/civicrm_generated.mysql
index 434d545bad..e5435b1b1f 100644
--- a/civicrm/sql/civicrm_generated.mysql
+++ b/civicrm/sql/civicrm_generated.mysql
@@ -3056,7 +3056,7 @@ UNLOCK TABLES;
LOCK TABLES `civicrm_domain` WRITE;
/*!40000 ALTER TABLE `civicrm_domain` DISABLE KEYS */;
INSERT INTO `civicrm_domain` (`id`, `name`, `description`, `version`, `contact_id`, `locales`, `locale_custom_strings`) VALUES
- (1,'Default Domain Name',NULL,'5.57.0',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
+ (1,'Default Domain Name',NULL,'5.57.1',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
/*!40000 ALTER TABLE `civicrm_domain` ENABLE KEYS */;
UNLOCK TABLES;
diff --git a/civicrm/vendor/autoload.php b/civicrm/vendor/autoload.php
index 0ce4e8ba12..2c27cd7d1f 100644
--- a/civicrm/vendor/autoload.php
+++ b/civicrm/vendor/autoload.php
@@ -4,4 +4,4 @@
require_once __DIR__ . '/composer/autoload_real.php';
-return ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b::getLoader();
+return ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64::getLoader();
diff --git a/civicrm/vendor/composer/autoload_real.php b/civicrm/vendor/composer/autoload_real.php
index a33b5b8af4..bcfb5bd97b 100644
--- a/civicrm/vendor/composer/autoload_real.php
+++ b/civicrm/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
// autoload_real.php @generated by Composer
-class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
+class ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64
{
private static $loader;
@@ -24,9 +24,9 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
require __DIR__ . '/platform_check.php';
- spl_autoload_register(array('ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b', 'loadClassLoader'), true, true);
+ spl_autoload_register(array('ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64', 'loadClassLoader'), true, true);
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
- spl_autoload_unregister(array('ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b', 'loadClassLoader'));
+ spl_autoload_unregister(array('ComposerAutoloaderInit33b931cc9909fb98223956c347efaa64', 'loadClassLoader'));
$includePaths = require __DIR__ . '/include_paths.php';
$includePaths[] = get_include_path();
@@ -36,7 +36,7 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
if ($useStaticLoader) {
require __DIR__ . '/autoload_static.php';
- call_user_func(\Composer\Autoload\ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::getInitializer($loader));
+ call_user_func(\Composer\Autoload\ComposerStaticInit33b931cc9909fb98223956c347efaa64::getInitializer($loader));
} else {
$map = require __DIR__ . '/autoload_namespaces.php';
foreach ($map as $namespace => $path) {
@@ -57,12 +57,12 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
$loader->register(true);
if ($useStaticLoader) {
- $includeFiles = Composer\Autoload\ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$files;
+ $includeFiles = Composer\Autoload\ComposerStaticInit33b931cc9909fb98223956c347efaa64::$files;
} else {
$includeFiles = require __DIR__ . '/autoload_files.php';
}
foreach ($includeFiles as $fileIdentifier => $file) {
- composerRequire332dc1086b4b914c5f8107e66f69267b($fileIdentifier, $file);
+ composerRequire33b931cc9909fb98223956c347efaa64($fileIdentifier, $file);
}
return $loader;
@@ -74,7 +74,7 @@ class ComposerAutoloaderInit332dc1086b4b914c5f8107e66f69267b
* @param string $file
* @return void
*/
-function composerRequire332dc1086b4b914c5f8107e66f69267b($fileIdentifier, $file)
+function composerRequire33b931cc9909fb98223956c347efaa64($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
diff --git a/civicrm/vendor/composer/autoload_static.php b/civicrm/vendor/composer/autoload_static.php
index ca141f3b1c..3047378057 100644
--- a/civicrm/vendor/composer/autoload_static.php
+++ b/civicrm/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
namespace Composer\Autoload;
-class ComposerStaticInit332dc1086b4b914c5f8107e66f69267b
+class ComposerStaticInit33b931cc9909fb98223956c347efaa64
{
public static $files = array (
'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
@@ -738,11 +738,11 @@ class ComposerStaticInit332dc1086b4b914c5f8107e66f69267b
public static function getInitializer(ClassLoader $loader)
{
return \Closure::bind(function () use ($loader) {
- $loader->prefixLengthsPsr4 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixLengthsPsr4;
- $loader->prefixDirsPsr4 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixDirsPsr4;
- $loader->prefixesPsr0 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$prefixesPsr0;
- $loader->fallbackDirsPsr0 = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$fallbackDirsPsr0;
- $loader->classMap = ComposerStaticInit332dc1086b4b914c5f8107e66f69267b::$classMap;
+ $loader->prefixLengthsPsr4 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixLengthsPsr4;
+ $loader->prefixDirsPsr4 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixDirsPsr4;
+ $loader->prefixesPsr0 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$prefixesPsr0;
+ $loader->fallbackDirsPsr0 = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$fallbackDirsPsr0;
+ $loader->classMap = ComposerStaticInit33b931cc9909fb98223956c347efaa64::$classMap;
}, null, ClassLoader::class);
}
diff --git a/civicrm/vendor/composer/include_paths.php b/civicrm/vendor/composer/include_paths.php
index a9e5095a28..189ce0e9b6 100644
--- a/civicrm/vendor/composer/include_paths.php
+++ b/civicrm/vendor/composer/include_paths.php
@@ -7,8 +7,8 @@ $baseDir = dirname($vendorDir);
return array(
$vendorDir . '/tecnickcom',
- $vendorDir . '/pear/auth_sasl',
$vendorDir . '/pear/pear_exception',
+ $vendorDir . '/pear/auth_sasl',
$vendorDir . '/pear/console_getopt',
$vendorDir . '/pear/pear-core-minimal/src',
$vendorDir . '/pear/db',
diff --git a/civicrm/vendor/composer/installed.php b/civicrm/vendor/composer/installed.php
index d5f66d42a8..5c942d4433 100644
--- a/civicrm/vendor/composer/installed.php
+++ b/civicrm/vendor/composer/installed.php
@@ -5,7 +5,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
- 'reference' => 'c201aeb3f7d75a32161bee17873922c3c9a88a6b',
+ 'reference' => 'c8c56978a794cbe0a83cc13199281c6423b93c0a',
'name' => 'civicrm/civicrm-core',
'dev' => true,
),
@@ -61,7 +61,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
- 'reference' => 'c201aeb3f7d75a32161bee17873922c3c9a88a6b',
+ 'reference' => 'c8c56978a794cbe0a83cc13199281c6423b93c0a',
'dev_requirement' => false,
),
'civicrm/civicrm-cxn-rpc' => array(
diff --git a/civicrm/xml/version.xml b/civicrm/xml/version.xml
index f0594fbb12..fb6db02f7d 100644
--- a/civicrm/xml/version.xml
+++ b/civicrm/xml/version.xml
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="iso-8859-1" ?>
<version>
- <version_no>5.57.0</version_no>
+ <version_no>5.57.1</version_no>
</version>
--
GitLab