Released July 18, 2018
- CIVI-SA-2018-01 SQL injection in get-cases AJAX API
- CIVI-SA-2018-02 Reflected XSS in Contribution Reports
- CIVI-SA-2018-03 Reflected XSS in error message
- CIVI-SA-2018-04 SQL injection in Custom Groups
- CIVI-SA-2018-05 Reflected XSS in Contact Merge Screen
- CIVI-SA-2018-06 Reflected XSS in "New Membership" Form
- CIVI-SA-2018-07 Remote Code Execution in QuickForm