6.4.0

@DawoudIO released this 09 Dec 06:10

🚀 Church CRM Version 6.4.0: Security, Stability, and API Modernization

We are pleased to announce the release of Church CRM version 6.4.0, a maintenance update focused on enhancing the platform's security, modernizing its internal API structure, and resolving key stability issues.

While this release contains fewer visible user features, the underlying security and stability improvements are vital for the health and performance of your CRM instance.


🛡️ Important Security & Stability Updates

1. Critical Security Enhancements (Recommended Update)

This release continues our focus on application security, addressing potential vulnerabilities at the system level.

  • CSRF Protection for Logs: Added Cross-Site Request Forgery (CSRF) protection to log management endpoints, so that a forged cross-site request cannot trigger unauthorized actions against your system logs.
  • Comprehensive URL Validation: Implemented robust URL validation for Config.php settings to prevent potential misconfigurations or injection risks.
  • API Security & Consistency: Began a refactoring process to replace direct, less-secure AJAX calls with a standardized AdminAPIRequest wrapper, improving how sensitive administrative data is handled.

2. Core System Fixes

  • Custom Field Fatal Error: Fixed a critical bug that caused a fatal error when attempting to delete a person's custom field. This restores reliable administrative function for managing your data fields.
  • Upgrade Check Fix: Corrected an issue where the system update check incorrectly indicated an upgrade was available even when you were already running the current version.

✨ API Modernization and Developer Improvements

This release is a major step toward modernizing the core architecture of Church CRM, ensuring better security and easier future development.

  • API Service Refactoring: The core API service has been upgraded and refactored for better performance and consistency.
  • Admin API Consolidation: System configuration endpoints were moved to a dedicated, more secure path: from /api/system to /admin/api/system.
  • Debugging Tools: Added comprehensive logging for sha1_file() failures to assist with diagnosing file integrity and upgrade issues.

🌍 Localization & Reporting

  • Setup Locale Detection: Implemented locale detection in the setup wizard and debug page to ensure a smoother, localized start for new installations.
  • Improved Confirmation Report: Minor layout improvements were made to the confirmation report for better readability.

Full Changelog: 6.3.0...6.4.0