CiviCRM.org

Introducing the Joomla! Student Outreach Program (JSOP)

CiviCRM.org - Wed, 09/22/2021 - 02:34

We are very pleased to announce the first version of the Joomla! Student Outreach Program, or JSOP. The purpose of this program is to provide a structure that allows students to gain real-world software development experience working with world-class mentors on projects of value to the Joomla! community.

Categories: CiviCRM.org

CiviCRM Starter Kit on Pantheon’s click-and-play hosting

CiviCRM.org - Wed, 05/15/2013 - 07:50

We have seen two recent breakthroughs for people who want to spend more time on implementing awesome websites and less time fiddling with hosting.

Pantheon has launched a hosting service for Drupal that’s even simpler than cPanel and has seriously good performance and scalability built-in. We don’t need to setup caching anymore or worry about a reverse-proxy server; all we need to do is enjoy designing and configuring our sites. Developers like it just as much as implementers because it clearly separates the dev, testing and live environments and plugs nicely into GitHub. It schedules backups and it’s easy to move your site elsewhere if you want to.

CiviCRM Starter Kit is a Drupal-and-CiviCRM-in-one bundle that I have been interested in. It includes a sensible choice of modules and extensions to get you going. The package can be installed on your choice of hosting and the documentation and support is good thanks to its champion, Kevin Reynen. I share Kevin’s vision of making it simpler for small organisations to get started with a powerful engagement tool like CiviCRM. He has overcome engineering and other hurdles to bring that dream a little closer. Full credit to him and others in the community for this achievement!

At CiviCON San Francisco, I was excited to see Kevin combine these two projects to launch the CiviCRM Starter Kit on Pantheon, adding to the availability of other excellent one-click-install options for CiviCRM. There are pre-existing software-as-a-service hosts for CiviCRM listed on civicrm.org, which I encourage everyone to explore, but this is still a milestone in the maturing of Drupal, CiviCRM and their hosting platforms.

It really is a niche offering for people somewhere in-between heavy-duty developer and non-technical user. For people like me who want to retain the ability to customize their website but want a simple way to install CiviCRM and Drupal core updates while still controlling best-practice workflows and backups, it's a good option.

However, the entry price point is above existing hosts that have a good and long standing reputation with CiviCRM installs and the next price point is higher than the starting price for managed hosting. So not everyone is going to see value in it for them.

Categories: CiviCRM.org

Announcing CiviCRM 4.3.3

CiviCRM.org - Thu, 05/09/2013 - 01:36

Today we are releasing the 4th stable release of CiviCRM 4.3. If you are still running an older version of CiviCRM, now is a great time to download and experience the many improvements in CiviCRM 4.3. This release contains small but important stability fixes, and all site admins are encouraged to upgrade.

Noteworthy Fixes in 4.3.3:

» View the full list of improvements for 4.3.3

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new features in this release, please consider making a recurring contribution to support the project.

Compatibility

CiviCRM is more compatible than ever; this version has been tested to run with:

  • Drupal 7
  • Drupal 6 (community supported)
  • Joomla 2.5
  • WordPress 3.4 and higher

New Installations

If you are installing CiviCRM 4.3 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.3

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.3.

Contributors

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

AGH Strategies - Andrew Hunt; Backoffice Thinking; Chris Burgess; Circle Interactive - Andrew Walker, Dave Moreton; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel Robinson; Community Builders; Compucorp; Confluence - Frank Gomez; Dave D; EE-atWork - Erik Hommel; Electronic Frontier Foundation - Micah Lee, Kellie Brownell; Emphanos - Allen Shaw; Fuzion NZ - Eileen McNaughton, Peter Davis, Torrance Hodgeson; Jim Meehan; JMA Consulting - Joe Murray; Keith Morgan; Ken West; Korlon - Stuart Gaston; Koumbit - Samuel Vanhove; Lighthouse Consulting and Design - Brian Shaughnessy; Mathieu Lutfy; New York State Senate - Ken Zalewski; NfP Services (MTL Software Group) - Jag Kandasamy, Rajesh Sundararajan; Niro Solutions; Noah Miller; Palante Technology Cooperative - Jon Goldberg; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Paul Delbar; Registered Nurses Association of Ontario; San Francisco Baykeeper - Eliet Henderson; Tech to the People - Xavier Dutoit; Third Sector Design; Veda Consulting - Parvez Saleh; Web Access - Pradeep Nayak; Zing - Simon West, Andrew Tombs.

Categories: CiviCRM.org

CiviCRM Sprinters Push Soft Credit Improvements Forward!

CiviCRM.org - Mon, 05/06/2013 - 15:22

Coming off of CiviCon North America 2013, 25 members of the CiviCRM community spent a week at the Woolman Center working on new functionality, creating documentation, and discussing how to grow the CiviCRM community.  Based off initial seed funding of the Soft Credit Improvements Make-it-Happen by San Francisco Baykeeper, we fielded a team of five developers to begin development.  As of yesterday, a significant chunk of Phase 1 of the Make-it-Happen is complete, and is now in a quality assurance phase to be released with CiviCRM 4.4 later this year.  We are still looking for funding to complete our wishlist for 4.4.  If improved soft credits is something you would like to see in your CiviCRM, you can make it happen.

Previously, soft credit functionality only allowed a contribution to have a single soft credit, and the credit could only be for the same amount as the contribution. If this project is fully funded, in CiviCRM 4.4 you will be able to:

  • Specify an unlimited number of soft credits per contribution
  • Soft credit a contact for a portion of the contribution
  • Include soft credits in several key built-in contribution reports.

In addition, at the sprint we created a suite of unit tests to help the soft credit functionality remain bug-free, and built a new soft credit API to help developers use soft credits in sophisticated imports and connections to other applications.

This MIH hasn't been fully funded yet - but there's still time!  If funding comes through by June 16th, we can fully implement Phase 1, which would also allow users to search for soft credits in Advanced Search / Find Contributions.  If this is a functionality that your organization or clients would benefit from, please allocate funding toward this MIH ASAP!

Check out this screenshot showing the new contribution edit screen:

Here's a sample of the new fields on the Contribution Detail report:

Notes on the MIH specification can be found on the CiviCRM wiki here.

Categories: CiviCRM.org

Charging Sales Tax / Value Added Tax (VAT) on contributions

CiviCRM.org - Fri, 05/03/2013 - 01:19

With the introduction of CiviAccounts in CiviCRM 4.3 the ground work to allow CiviCRM to cater for Tax against contributions has been laid.

During the week-long sprint in northern California following CiviCon, we've been working through the design and amendments required to complete the implementation of Tax within CiviCRM.

The specification can be found on the wiki

In short, we've tried to ensure that basic but powerful tax rules are built into CiviCRM Core, with additional hooks for users who need to implement specific rules.

Core functionality will include

  • Different tax rules per financial type
  • Multiple Taxes being applied to a single transaction e.g. State Tax and City Tax
  • Ledger lines produced representing the break down in tax charged

So out of the box you'll be able to

  • Charge Tax(s) on memberships
  • Charge Tax(s) on Events
  • Control Tax(s) at item level i.e. Event Fee 20% Tax, Meal for event 10% Tax, Child Care for event 0% Tax
  • Export Liability ledger transactions to your finance system

Using Hooks you'll be able to

  • Change the tax rules based on contact region
  • Change the tax rules based on any other information

Please take a look at the wiki page and provide any feedback.

Thanks

Parvez

Categories: CiviCRM.org

Get the functionality you need into CiviCRM: Make it Happen 4.4

CiviCRM.org - Fri, 05/03/2013 - 00:44

Check out our line up of new features looking for funding as part of Make it Happen CiviCRM 4.4 and spread the word to organisations that you think would be interested in funding these features.

Make it Happen is our way to crowd fund development of the functionality most requested by CiviCRM users and we have a range of projects looking for funding for the 4.4 release (due out this September).

Our line up this release includes:

CiviCRM 4.4 will be out before you know it and our fundraising deadline for these Make It Happens is 16th of June. So if you need to get authorisation from budget holders, you should get the ball rolling now! If your organisation is looking for new functionality, please contribute now and make it happen - we won't make it without your help!

Implementors: please help spread the word to any of your clients that you think would benefit from these features.

Categories: CiviCRM.org

Announcing CiviCRM 4.3.2

CiviCRM.org - Thu, 05/02/2013 - 22:49

After a great CiviCon we're in the middle of a week-long sprint in northern California, with 30 people from around the world pitching in to help improve CiviCRM. Thanks to all those efforts we're releasing the second update to 4.3 today, with 49 small but important improvements. It is available for download now, and all site admins are encouraged to upgrade.

Noteworthy Bugfixes in 4.3.2:

Plus a great new feature:

» View the full list of improvements for 4.3.2

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new features in this release, please consider making a recurring contribution to support the project.

Compatibility

CiviCRM is more compatible than ever; this version has been tested to run with:

  • Drupal 7
  • Drupal 6 (community supported)
  • Joomla 2.5
  • WordPress 3.4 and higher

New Installations

If you are installing CiviCRM 4.3 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.3

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.3.

Contributors

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

AGH Strategies - Andrew Hunt; Backoffice Thinking; Chris Burgess; Circle Interactive - Andrew Walker, Dave Moreton; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel Robinson; Community Builders; Compucorp; Confluence - Frank Gomez; Dave D; EE-atWork - Erik Hommel; Electronic Frontier Foundation - Micah Lee, Kellie Brownell; Emphanos - Allen Shaw; Fuzion NZ - Eileen McNaughton, Peter Davis, Torrance Hodgeson; Jim Meehan; JMA Consulting - Joe Murray; Keith Morgan; Ken West; Korlon - Stuart Gaston; Koumbit - Samuel Vanhove; Lighthouse Consulting and Design - Brian Shaughnessy; Mathieu Lutfy; New York State Senate - Ken Zalewski; NfP Services (MTL Software Group) - Jag Kandasamy, Rajesh Sundararajan; Niro Solutions; Noah Miller; Palante Technology Cooperative - Jon Goldberg; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Paul Delbar; Registered Nurses Association of Ontario; San Francisco Baykeeper - Eliet Henderson; Tech to the People - Xavier Dutoit; Third Sector Design; Veda Consulting - Parvez Saleh; Web Access - Pradeep Nayak; Zing - Simon West, Andrew Tombs.

Categories: CiviCRM.org

Dallas / Fort Worth CiviCRM Meetup - May 9, 2013

CiviCRM.org - Thu, 05/02/2013 - 17:11

Come and hear about the most recent developments in the world of CiviCRM! 3 local CiviCRM developers were in attendance at CiviCon in San Francisco and the subsequent code sprint. Let's hear what the future has in store for us in CiviCRM 4.4 and beyond.

We meet every second Thursday at Improving Enterprises in Addison.

RSVP at http://www.meetup.com/DFW-CiviCRM/events/109449612/

Categories: CiviCRM.org

SEPA & CiviCRM: Makes raising funds easy(ier) in Europe

CiviCRM.org - Wed, 05/01/2013 - 20:07

SEPA stands for “Single Euro Payment Area”: Mix in a little bit of Standardisation, a pinch of Europe and a truck load of Bank processes; add a bit of XML, stir for decades and don't forget to pour in copious amounts of meetings full of white middle aged men all wearing grey suits. What you get is a scrumptious recipe guaranteed to ensure that almost no one in the NGO community is going to be remotely involved or interested.

Until now that is. Because SEPA might be the solution you are looking for:

  • allows your members to automatically pay their fees on time

  • get more donors contributing small monthly amounts

  • makes it easy to let donors give an extra contribution when they like

  • makes it easier to raise money from supporters in other European countries (more than 30 countries use it)

All the while you are paying much lower fees to the credit card providers and spending less of your precious admin time on dealing with payments.

With SEPA, it's so cheap to set up a direct debit that you can afford to do it even for an amount as low as a few euros per month.

Four providers in Germany, France and Belgium have teamed up to integrate SEPA into CiviCRM and we have already found enough users to cover the cost of most of the development.

Project60, as our group is called, is working on:

  • Creating a new SEPA Payment Processor (allowing both single and recurring contributions)

  • Generating the SEPA mandate (the document that your supporter needs to sign to authorise the direct debit)

  • Storing all the needed information (IBAN, BIC...)

  • Generating the needed files in the proper format to transmit to the bank to process the debits.

In short, all you need to benefit from cheap direct debit.

Detlev Sieber from digitalcourage told me that more than 80% of all member fees and donations come through the existing EVL Direct Debit System in Germany. This system is extremely easy to handle and associated with very low fees - for non-profits, most German banks even process the regular transactions free of any charge. By February 2014, the current system will be replaced by SEPA Direct Debit. This will extend the advantages of Direct Debit all over Europe, but forces many German organisations to upgrade their fundraising systems... or would give them the opportunity to switch to CiviCRM.

German users have a deadline to migrate to SEPA but banks all around Europe are ready to use it today. If you are a CiviCRM user, you should consider contributing financially to the make it happen to fund its integration with CiviCRM.

In order to get their CiviCRM implementations ready for this change, the association "Software für Engagierte", which was founded by 7 German NGOs, takes part in the implementation of the CiviCRM extensions for SEPA DD and banking import. Their president, Ronald Pabst from Democracy International, said: “If enough additional funding comes in, we want to create a solution which not only fits for our special requirements, but can be published as an extension usable for any CiviCRM user.“

We have started to work on it already and will have a first version ready before the summer. If enough of you contribute, a fully fledged extension and a handbook that makes it easier for you to set up the complete SEPA Direct Debit process with your bank and CiviCRM will be available in Q4.

Sebastian Baijard explained "At wikimedia France, we contributed to fund SEPA integration with civicrm to be able to offer our supporters an option to contribute monthly. Beside a more sustainable and predictable income, the processing costs are going to be vastly reduced. If you are in Europe and do fundraising, you should contribute to this make it happen too".

I suggest you estimate how much in monthly donations of a few euros you could get and add that to how much you spend processing your membership fees. That's how much money your organisation isn't getting.

Each year.

Consider giving a small percentage of this amount to the make it happen so you can finally handle these contributions in a cost-efficient way. You'll make CiviCRM stronger in Europe, not to mention making your organisation more sustainable.

Attachment: Paul's description and SEPA and Bank (718.5 KB)

Categories: CiviCRM.org

London Meetup, Wednesday 24 April 2013

CiviCRM.org - Thu, 04/25/2013 - 18:03

This Meetup was kindly hosted by Leukaemia & Lymphoma Research, at their office in Holborn.

 Jamie Novick (of Compucorp) demonstrated CiviMail as a mass means of communicating by email and SMS.

Owen Bowden (of LLR) demonstrated how to do surveys using CiviMail and WebForm-Civi which enables the key results of the survey questions to be stored in CiviCRM.

George Steven (of The Latin Mass Society) gave a very useful outline of how to install CiviCRM on a shoestring budget (presentation attached).

Dave Melkman (of Manta Ray Media) presented the key changes in CiviCRM 4.3.

Jamie Novick described a new CiviCRM extension, CiviBookings, needing a total of £4K to make it happen, most of which has now been raised and development is under way (presentation attached).

Next London Meetup will be on Wednesday 29 May 2013.

Attachments: CiviCRM on a Shoestring.pdf (992.53 KB); CiviBooking slides v2.pdf (851.88 KB)

Categories: CiviCRM.org

New Gift Aid extension for online gift aid claims

CiviCRM.org - Tue, 04/23/2013 - 11:32

 

Leukaemia & Lymphoma Research have funded and released a new CiviCRM extension to allow UK charities to claim Gift Aid from HMRC with a few clicks from within CiviCRM.

HMRC, the UK government customs and tax department who operate the Gift Aid scheme, today opened their new methods for claiming back the basic rate of tax on donations that are eligible; the new scheme becomes compulsory in September.

The previous method for claiming Gift Aid was to send paper documents to HMRC. Under the new rules you can claim in three different ways; the new extension means that CiviCRM is ready for option two.

We also got some coverage in the UK charity trade press about it. Most articles about the new Gift Aid system had been negative, so we presented CiviCRM as a solution and extolled the benefits of charities working together on open source software. CiviCRM was also the first CRM database to announce it'd be ready, beating all proprietary CRM databases. It was also tweeted about a lot over the week.

We've since been contacted by orgs who are in the process of implementing CRM systems asking about CiviCRM, plus it should now be on the radar of more people who'll implement systems in the future.

The work was carried out by Veda Consulting and builds on the work of the previous Gift Aid extension.

Coverage:

http://www.thirdsector.co.uk/news/1177165/leukaemia-lymphoma-research-shares-free-online-gift-aid-tool/

http://www.civilsociety.co.uk/it/news/content/14835/leukaemia_and_lymphoma_research_releases_online_gift_aid_claim_extension_for_fellow_civicrm_users

http://www.fundraising.co.uk/news/2013/04/08/charity-develops-free-online-gift-aid-module-civicrm-users

http://www.charitydigitalnews.co.uk/2013/04/05/charities-to-gain-free-use-of-leukaemia-lymphoma-researchs-online-gift-aid-technology/

 

 

Categories: CiviCRM.org

Announcing CiviCRM 4.3.1

CiviCRM.org - Thu, 04/18/2013 - 21:55

Thanks to everyone pitching in over the past week we've released the first update to 4.3 today, with 42 small but important improvements. It is available for download now, and all site admins are encouraged to upgrade.

IMPORTANT: Payment notifications back to CiviCRM do not work properly for PayPal Website Standard transactions in 4.3.0 (this means the contributions will display as "Pending - Incomplete Transaction" even though the payment has been completed at PayPal). If your organization uses this payment method AND you've already upgraded to 4.3.0, you should upgrade to 4.3.1 immediately.

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new features in this release, please consider making a recurring contribution to support the project.

Compatibility

CiviCRM is more compatible than ever; this version has been tested to run with:

  • Drupal 7
  • Drupal 6 (community supported)
  • Joomla 2.5
  • WordPress 3.4 and higher

New Installations

If you are installing CiviCRM 4.3 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.3

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.3.

Contributors

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

AGH Strategies - Andrew Hunt; Backoffice Thinking; Chris Burgess; Circle Interactive - Andrew Walker, Dave Moreton; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel Robinson; Community Builders; Compucorp; Confluence - Frank Gomez; Dave D; EE-atWork - Erik Hommel; Electronic Frontier Foundation - Micah Lee, Kellie Brownell; Emphanos - Allen Shaw; Fuzion NZ - Eileen McNaughton, Peter Davis, Torrance Hodgeson; Jim Meehan; JMA Consulting - Joe Murray; Keith Morgan; Ken West; Korlon - Stuart Gaston; Koumbit - Samuel Vanhove; Lighthouse Consulting and Design - Brian Shaughnessy; Mathieu Lutfy; New York State Senate - Ken Zalewski; NfP Services (MTL Software Group) - Jag Kandasamy, Rajesh Sundararajan; Niro Solutions; Noah Miller; Palante Technology Cooperative - Jon Goldberg; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Paul Delbar; Registered Nurses Association of Ontario; San Francisco Baykeeper - Eliet Henderson; Tech to the People - Xavier Dutoit; Third Sector Design; Veda Consulting - Parvez Saleh; Web Access - Pradeep Nayak; Zing - Simon West, Andrew Tombs.

Categories: CiviCRM.org

Advisory: OpenFlashChart attacks

CiviCRM.org - Thu, 04/18/2013 - 01:51

IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.

In recent days, multiple site administrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM. This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.

You can check what version of CiviCRM you are using by looking on any CiviCRM page.  The version is displayed at the bottom of the screen (see screenshot below).

Update: The CiviCRM v4.2.6+ release is secure against this vulnerability, but some upgraded installations may still be vulnerable if the upgrade was misapplied. As a precaution, we encourage all administrators to determine if their installation is vulnerable (see below).

 

Background

OpenFlashChart is a PHP library used to render dashboards and reports in CiviCRM v3+.  The OpenFlashChart source code includes various example files, and one of those example files allows remote, unauthenticated users to upload files.  If an attacker uploads an executable file (such as a PHP or CGI file), then he can seriously compromise the site's security.

 

(Update) Determine Vulnerability

To verify whether a site is vulnerable, look in the "civicrm" source tree for the file "packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php". If the file exists, then you should proceed with preventing and identifying attacks.

 

Prevent Attacks: Delete the Vulnerable File

The simplest, most direct way to prevent attackers from exploiting this vulnerability is to delete the vulnerable file.  Within the "civicrm" directory tree, the file is called:

packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php

This file was deleted in CiviCRM v4.2.6+. If you are running an older version you should immediately delete this file.

 

Prevent Attacks: Don't allow web-server to create & execute a file

System administrators can help prevent similar attacks in the future by ensuring that the web server user (e.g.  "www-data" or "apache") cannot create files in the source-code directory; or, similarly, by ensuring that any files written by the web-server cannot be later executed by the web-server. The implementation details vary among hosting environments (with different operating systems, web servers, usernames, customized paths, etc.), but the following is a common formulation:

  • The source tree for CiviCRM, Drupal, et al. should not be owned by the web user or web group (e.g. "www-data" or "apache").
  • The source tree should not allow writing by the web user or group (e.g. "www-data" or "apache").
  • The data file directory (e.g. Drupal's "sites/default/files") should not allow remote users to execute PHP files. In many Drupal installs, this is prevented automatically because the .htaccess includes "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006" and "Options None".

This is a general preventive policy but comes with some trade-offs -- e.g. it restricts both administrators and attackers, and some administrators may not be able to lock down all folders. Notwithstanding these caveats, the central point remains: the more you can lock down folders, the better.

Identify Attacks

If you administer a site which has been vulnerable to this issue, then you should search your HTTP request logs for past requests matching "packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php". If none are found, then you're probably OK.

If there have been requests for "ofc_upload_image.php", then you may want to search for evidence that has been left behind in previous attacks. For example, if your web root is "/var/www", then these commands would identify files produced in previous attacks:

  • find /var/www -name aaa.php (one reported attack wrote this file)
  • find /var/www -name shell.php
  • find /var/www -name endspie1.php
  • grep -r "function permission_octal2string" /var/www

Unfortunately, it's not possible to provide a decisive search that would find files produced by any possible attacker. As a more thorough option, one should identify any folders that are writable by the web-user and audit any executable files (*.php, *.cgi, *.pl, etc).

For more discussion about evidence found in previous attacks, see http://forum.civicrm.org/index.php/topic,22826.0.html
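The three checks described in this advisory (is the vulnerable file present, was it requested, and are there script files in folders the web user can write to) can be combined into one triage script. This is an added example, not code from the CiviCRM project; the function names, the sample site tree, the log lines in "combined" format and the client addresses are all constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for the OpenFlashChart upload-script advisory.
# The sample site tree, log lines and addresses below are constructed.

OFC_REL='packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php'

# Determine vulnerability: print every copy of the upload script under ROOT.
find_ofc_upload() {
    find "$1" -type f -path "*/$OFC_REL" -print
}

# Identify attacks: summarise access-log requests that name the script.
# Assumes the "combined" log format. Output: client time method status verdict.
# A 2xx status means the script was present and answered the request.
ofc_log_hits() {
    awk -v needle="ofc_upload_image.php" '
        index($7, needle) {
            method = $6; sub(/^"/, "", method)
            ts = $4;     sub(/^\[/, "", ts)
            verdict = ($9 ~ /^2/) ? "SERVED" : "not-served"
            print $1, ts, method, $9, verdict
        }' "$1"
}

# Audit: list script files that sit directly in a directory the web user can
# write to (owner-writable and owned by WEB_USER, or world-writable).
# Group-writable directories are not covered by this simplified check.
audit_writable_scripts() {
    root=$1
    web_user=$2
    find "$root" -type d \( \( -user "$web_user" -perm -0200 \) -o -perm -0002 \) -print |
    while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.cgi' -o -name '*.pl' \) -print
    done | sort -u
}

# Build a constructed sample: a read-only source tree that still ships the
# upload script, a writable upload folder holding one script, and a log.
build_sample() {
    site=$1
    mkdir -p "$site/civicrm/packages/OpenFlashChart/php-ofc-library" \
             "$site/civicrm/CRM" "$site/files/upload"
    : > "$site/civicrm/$OFC_REL"
    : > "$site/civicrm/CRM/Core.php"
    : > "$site/files/upload/photo.jpg"
    : > "$site/files/upload/aaa.php"   # file name from the advisory's find list
    chmod 0755 "$site/files" "$site/files/upload"
    chmod -R a-w "$site/civicrm"       # source tree locked down, as advised
    cat > "$site/access.log" <<'EOF'
192.0.2.10 - - [10/Apr/2013:03:12:44 +0000] "GET /civicrm/dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:03:14:02 +0000] "POST /sites/all/modules/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php HTTP/1.1" 200 31 "-" "-"
203.0.113.5 - - [12/Apr/2013:11:02:09 +0000] "GET /sites/all/modules/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php HTTP/1.1" 404 210 "-" "-"
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_sample "$tmp/site"
    echo "Vulnerable file present at:"
    find_ofc_upload "$tmp/site"
    echo "Requests for the upload script:"
    ofc_log_hits "$tmp/site/access.log"
    echo "Script files in web-writable directories:"
    audit_writable_scripts "$tmp/site" "$(id -u)"
    chmod -R u+w "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, pass the web root, the access log path and the web server account (for example "www-data") in place of the sample values.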

Categories: CiviCRM.org

New Features for Managing Donors in CiviCRM

CiviCRM.org - Sat, 04/13/2013 - 01:37

 

Progressive Technology Project (PTP) runs PowerBase, a fully hosted and supported version of CiviCRM for community organizing groups in the United States. PTP has been deeply involved in CiviCRM's expanding functionality through CiviEngage and CiviCampaign and now has commenced a project to improve CiviContribute to strengthen it for grassroots fundraising. While CiviContribute has the basic parts necessary for fundraising, it lacks some of the higher reporting pieces that dedicated fundraising applications have. 

Our team has been working with a grassroots fundraising expert and together we identified that the first step would be to provide more dashboard charts for CiviContribute that will allow new users to leverage reporting intelligence with minimal training. 

There are several new reports designed to identify the renewal rate of donors or members over time; the lapsed and recovered donors for comparative time periods; and the new donors over comparative time periods. Each will have the capacity to drill down to identify the individuals in the totals. We’re also working up a summary table that shows the current number of donors, total amount raised during the year, the average donation, Individuals who increased donations, number of sustainers and new contacts in the database and the change in these indicators from the prior year.

The idea is that these dashboard items will lift up key indicators for the development staff to monitor. Many of the people charged with development in small non-profits in the U.S. have minimal training on what to look for when managing their progress. The existence of these metrics should show them what to monitor.

There are other new reports planned. You can see the details on the CiviCRM wiki: http://wiki.civicrm.org/confluence/display/CRM/CiviEngage+Enhancements+for+fund-raising

We’ve also encountered problems segmenting the donor base so we’re adding an optional custom field group we’re calling “Summary Fields”. Making these items available as calculated fields means that they can be searched in Advanced Search and used as a basis for a smart group as well as for tokens in email and print communications. The basic field set includes:

  • Total Lifetime Contributions
  • Total Contributions this Year
  • Total Contributions last Year
  • Amount of last contribution
  • Date of Last Contribution
  • Date of First Contribution
  • Largest Contribution
  • Count of Contributions
  • Average Annual (Calendar Year) Contribution
  • Date of Last Membership Payment
  • Amount of Last Membership Payment
  • Name of the last attended event
  • Date of the last attended event

There is a user interface to allow the organization to pick which fields of the custom field set to implement and which contribution types (financial types) to include in these totals. The fiscal year end setting in CiviCRM is supported as well. After the initial set up, these fields are updated via SQL triggers.

All of these enhancements will be available as extensions when they are completed in the next couple of months.  We welcome the community's input via the wiki site.

 

 

Categories: CiviCRM.org

Best practices for upgrading Drupal (6->7) and CiviCRM (3->4) at the same time

CivCRM.org - Thu, 04/11/2013 - 21:16

The attached chart came out of a discussion between Kasia Wakarecy, Lola Slade and myself (Lynna Landstreet), at Freeform Solutions, about some issues we'd encountered when trying to do major version upgrades of CiviCRM and Drupal on a client's site at the same time. Since we're likely to have a number of other combined upgrades like that to do in the future, we wanted to iron out the best process for doing them as smoothly as possible.

And we thought it might be useful to share what we’ve got thus far with others in the CiviCRM community, partly because it might help other people, and partly to find out others’ experiences: do you agree with what we’ve outlined here? Disagree? Have anything you’d want to add/change? We’re thinking of contributing this to the wiki documentation, but wanted to post it here for discussion first.

The pink boxes on the chart represent the actual steps involved, with the green ones being the state of the site(s) you’re working on between the various steps. Blue diamonds are decision points.

A few comments on the steps involved:
 

  1. The first and most important thing we found was that you really, really need to upgrade CiviCRM first and Drupal second. 



    The reason for this is that in order for CiviCRM's upgrade script to run successfully, the module has to be enabled - but if you've just upgraded from Drupal 6 to 7, all Drupal 6 modules are disabled automatically, so the CiviCRM upgrade script won't run. And CiviCRM 3.x is not compatible with Drupal 7, so there's no way to have CiviCRM enabled under Drupal 7 until after you've upgraded it to 4.x. 



    So the first thing you need to do is upgrade CiviCRM to the DRUPAL 6 VERSION of CiviCRM 4.x (where 4.x is whatever version is current at the time of the upgrade - at the time of writing this, it's 4.2.8), with the site in maintenance mode, of course, if you’re doing this on the live site. This part should be fairly straightforward, unless your CiviCRM installation is particularly complex or customized. Also, if you’re running CiviCRM 3.2 or earlier, you’ll probably want to upgrade in stages, rather than going all the way to 4.x in one step, or else you may have trouble with the upgrade script timing out.

  2. The next thing you need to do is clone the site to a development environment (in other words, make a copy of it to use as a test site for the Drupal upgrade). 



    Why not do this before upgrading CiviCRM? Because the Drupal upgrade will probably be more involved and take longer - and while you're doing that, chances are there's going to be activity going on in CiviCRM, which you don't want to lose by copying the upgraded database back to the live site once it's all done. And that activity will probably result in changes or additions to a variety of different database tables, making it much harder to merge the changes into the new database.

    

    So paradoxically, it's safer to upgrade CiviCRM on the live site, and only Drupal on the dev site, unless you're willing to keep the site in maintenance mode for the entire process, which is more downtime than most site owners want.

     

  3. Next, do the Drupal 6 to 7 upgrade on the dev site, and deal with any issues or problems that arise during that process (because there will nearly always be some). The note in the chart about keeping track of any issues and how you resolved them (or what you ought to have done differently) is especially important if it's a highly active site, for reasons that will become clear shortly.
     
  4. Next you have a decision to make: how much integration is there between CiviCRM and Drupal? If it's just a fairly standard CiviCRM installation, you can probably just keep CiviCRM disabled for now (since the Drupal 6 => 7 upgrade will have automatically disabled it), until you get to the last step of the process.

    But if you've got integration between CiviCRM and Views or OG, or anything of similar complexity, you're more likely to encounter issues and will need to do more testing. So if that's the case, you'll want to replace the D6 version of CiviCRM on your dev site with the D7 version of the same version of CiviCRM (i.e. go from CiviCRM 4.2.8 for Drupal 6 to CiviCRM 4.2.8 for Drupal 7) and run update.php, and then check for problems with your views, groups, etc. And of course, make note of what you encountered and how you fixed it.



    Why does it have to be the same version of CiviCRM? Because trying to go to a different version would mean running the CiviCRM upgrade script, which won't run when CiviCRM has been disabled by the Drupal upgrade process, remember? Also, the version specified in the database needs to match, or you may encounter problems.

     

  5. Now you've got another decision to make: in however long it's taken you to do all this, how much activity has there been in Drupal, on the live site? (As opposed to within CiviCRM, which is pretty much a given.) If you're not sure, check the databases for both sites, particularly the node_revisions, comments and users tables, which tend to be the most frequently updated. Then put both the live and dev sites into maintenance mode and do whichever of the following seems most suitable: 


    a. If there haven't been any changes, go ahead and copy the files and database from the dev site back to the live site. (NOT the CiviCRM database, mind you, just the Drupal database. If they use the same database, copy just the Drupal tables, not the CiviCRM tables.)


    b. If there have been a few changes, but not many, you can probably just manually make the changes to the dev site (adding the new nodes, users, etc.) and then copy things over as above. 


    c. If there have been a lot of changes, as may happen on a highly active site, then it's probably going to be easier to just redo the Drupal upgrade directly on the live site. This may seem like doing it on the dev site first was a waste, but it’s better to get all the problems out of the way somewhere other than on a busy live site, so that when you do come to upgrade the live site, everything will go more smoothly. (You did remember to note down everything you did and how you resolved any problems that came up, right?)

     

  6. Regardless of which path you took at each of the above question points, you should now have a fully functioning, live Drupal 7 site, with the (disabled) Drupal 6 version of the current version of CiviCRM. 

    So the last thing you need to do is upload the Drupal 7 version of the same version of CiviCRM, overwriting the Drupal 6 one, and run update.php.

    

And voila! A fully upgraded, Drupal 7/CiviCRM 4 site!
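The activity check in step 5, as an added example that is not part of the original post: snapshot the Drupal 6 tables the step names when the dev copy is cloned, then measure what changed on the live site and map it onto options a, b and c. SQLite stands in for the site's MySQL database, the sample rows are constructed, and the function names and the `few_limit` threshold are assumptions to tune per site.

```python
import sqlite3

# Drupal 6 tables named in step 5: (primary key, timestamp column).
WATCHED = {
    "node_revisions": ("vid", "timestamp"),
    "comments": ("cid", "timestamp"),
    "users": ("uid", "created"),
}

def make_live_db():
    """Constructed stand-in for the live Drupal 6 database (SQLite, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE node_revisions (vid INTEGER PRIMARY KEY, nid INT, timestamp INT);
        CREATE TABLE comments (cid INTEGER PRIMARY KEY, nid INT, timestamp INT);
        CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, created INT);
        INSERT INTO node_revisions VALUES (1, 1, 1000), (2, 2, 1100);
        INSERT INTO comments VALUES (1, 1, 1050);
        INSERT INTO users VALUES (1, 'admin', 900), (2, 'editor', 950);
    """)
    return conn

def _one(conn, sql, args=()):
    return conn.execute(sql, args).fetchone()

def snapshot(conn):
    """Row count, highest id and latest timestamp per table, taken at clone time."""
    snap = {}
    for table, (pk, ts) in WATCHED.items():  # names come from WATCHED, never user input
        rows, max_id, max_ts = _one(conn,
            f"SELECT COUNT(*), COALESCE(MAX({pk}), 0), COALESCE(MAX({ts}), 0) FROM {table}")
        snap[table] = {"rows": rows, "max_id": max_id, "max_ts": max_ts}
    return snap

def drift(conn, base):
    """Rows added, edited or deleted on the live site since the snapshot."""
    report = {}
    for table, (pk, ts) in WATCHED.items():
        b = base[table]
        added = _one(conn, f"SELECT COUNT(*) FROM {table} WHERE {pk} > ?", (b["max_id"],))[0]
        edited = _one(conn, f"SELECT COUNT(*) FROM {table} WHERE {pk} <= ? AND {ts} > ?",
                      (b["max_id"], b["max_ts"]))[0]
        now = _one(conn, f"SELECT COUNT(*) FROM {table}")[0]
        report[table] = {"added": added, "edited": edited,
                         "deleted": b["rows"] + added - now}
    return report

def choose_option(report, few_limit=10):
    """Map total drift onto step 5's options; few_limit is an assumed threshold."""
    total = sum(sum(counts.values()) for counts in report.values())
    if total == 0:
        return "a"  # copy the dev Drupal database back
    return "b" if total <= few_limit else "c"  # replay by hand / redo on live

if __name__ == "__main__":
    live = make_live_db()
    base = snapshot(live)  # taken when the dev copy is cloned
    live.execute("INSERT INTO users VALUES (3, 'newmember', 2000)")
    live.execute("UPDATE node_revisions SET timestamp = 2100 WHERE vid = 2")
    live.execute("DELETE FROM comments WHERE cid = 1")
    report = drift(live, base)
    print(report, "-> option", choose_option(report))
```

Edits to existing user accounts do not change `created`, so for the `users` table this check sees only new and deleted accounts.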

Attachment: Flow chart showing upgrade steps (105.8 KB)
Categories: CiviCRM.org

CiviCRM 4.3.0 Released, Hundreds of Improvements

CivCRM.org - Wed, 04/10/2013 - 22:40

It's here! The much anticipated new CiviCRM 4.3 is ready for prime-time. Congratulations to everyone in the CiviCRM community who made this happen.

What's New?

Here are just a few of the exciting improvements in CiviCRM 4.3.

  • CiviDiscount extension
  • Contact edit locking
  • Better notifications
  • Advanced search and quicksearch improvements
  • Multi-record custom data in profiles
  • Enhanced in-place editing
  • Friendly front-end forms
  • Smarter Search Builder
  • New profile form designer
  • Accounting integration
  • WordPress access control permissions
  • Ability to limit inherited memberships
  • Dozens of performance enhancements and UI improvements for a faster, more comfortable ride

For more information about the new features, check out the Top 10 Reasons to Get Excited for CiviCRM 4.3. You can also check out the complete list of new and improved functionality on the issue tracker.

CiviCRM is free, open source software made possible through contributions from people like you. If your organization benefits from using CiviCRM AND from the great new features in this release, please consider making a recurring contribution to support the project.
 

Compatibility

CiviCRM is more compatible than ever. This version has been tested to run with:

  • Drupal 7
  • Drupal 6 (community supported)
  • Joomla 2.5
  • WordPress 3.4 and higher

New Installations

If you are installing CiviCRM 4.3 from scratch, please use the corresponding automated installer instructions:

Upgrading to 4.3

If your site is highly customized with special code or theming for CiviCRM you will want to upgrade a test copy first and test your customizations. For everyone else, follow these simple steps to get yourself up and running with 4.3.

Contributors

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

AGH Strategies - Andrew Hunt; Backoffice Thinking; Chris Burgess; Circle Interactive - Andrew Walker, Dave Moreton; CiviDesk - Nicolas Ganivet; CiviHosting - Hershel Robinson; Community Builders; Compucorp; Confluence - Frank Gomez; Dave D; EE-atWork - Erik Hommel; Electronic Frontier Foundation - Micah Lee, Kellie Brownell; Emphanos - Allen Shaw; Fuzion NZ - Eileen McNaughton, Peter Davis, Torrance Hodgeson; Jim Meehan; JMA Consulting - Joe Murray; Keith Morgan; Ken West; Korlon - Stuart Gaston; Koumbit - Samuel Vanhove; Lighthouse Consulting and Design - Brian Shaughnessy; Mathieu Lutfy; New York State Senate - Ken Zalewski; NfP Services (MTL Software Group) - Jag Kandasamy, Rajesh Sundararajan; Niro Solutions; Noah Miller; Palante Technology Cooperative - Jon Goldberg; Progressive Tech Project - Alice Aguilar, Jamie McClelland; Paul Delbar; Registered Nurses Association of Ontario; San Francisco Baykeeper - Eliet Henderson; Tech to the People - Xavier Dutoit; Third Sector Design; Veda Consulting - Parvez Saleh; Web Access - Pradeep Nayak; Zing - Simon West, Andrew Tombs.

Categories: CiviCRM.org

Minor improvements to the civicrm.org website

CivCRM.org - Fri, 04/05/2013 - 19:02

During the last few hours of the Civi Sprint in London, Jen (who is new to Civi) and I had a look at some basics on the CiviCRM website (civicrm.org) and have identified some problems and possible solutions. Nothing too radical, mind, and most involve minimal changes to the actual content, as that's perhaps for a later date.

Home page

Problem: Presented with too many options: Primary navigation, secondary navigation, left hand list of Civi components
Solution: Remove left hand list of Civi components

Problem: Isn’t clear what the slideshow is. In fact it is case studies relating to the different needs of Civi organisations
Solution: Need to label them as “Case studies”

Problem: No text on the home page explaining what CiviCRM is in a few words.
Solution: Replace “A fully integrated CRM solution” and the list of Civi components alongside with a short paragraph explaining CiviCRM which can incorporate the words “A fully integrated CRM solution”

Main navigation

Problem: Too subtle... not clear that it actually is main navigation.
Solution: Stronger navigation design

Problem:  The sub-sections within “What is CiviCRM” do not match the title.
Solution: How about “CiviCRM in 5 minutes” with the sub-sections:

  • What is CiviCRM?
  • CiviCRM's story
  • Case studies
  • Find an expert
  • The Civi Community
  • The future

Problem: The sub-sections within “Will CiviCRM meet your needs?” do not match the title.  Currently it gives a list of features (the main components of Civi) and asking the questions, “Will Civi...” suggests that it might not meet your needs, so the user is on a yes/no answer.
Solution: New title: “How CiviCRM meets your needs”, which is a positive stance. The sub-sections need to reflect the question, i.e. list an organisation’s needs. For example [My needs are]:

  • Managing contacts [Not sure if manage is the right word]
  • Receiving funds, donations and more
  • Email communications
  • Supporting fundraisers (peer to peer)
  • Campaigning
  • Organising events
  • Managing membership
  • Evaluating success
  • Case management

Problem: Content on Contact Us page isn’t very friendly
Solution: Either ditch contact us or make this page easier to use and rename it to something like “Need help?” or “Have a question?”

Problem: “Participate” sounds like a CiviCRM component, CiviParticipate
Solution: Change to “Get involved”

Problem: “Make it happen” doesn’t mean much to people who don’t know what it is.
Solution: Not sure we should change as this term has been in use for a while.

Categories: CiviCRM.org

CiviCRM 4.2.9 is out! Try it now!!!

CivCRM.org - Wed, 04/03/2013 - 15:00

The team is excited to announce the ninth release of 4.2 stable with support for Drupal 7, Joomla 2.5 and WordPress 3.3.

We strongly recommend that all sites upgrade their CiviCRM code to this release if you are using a previous version of 4.2. There have been several important bug fixes since the last stable release of 4.2 (review the list). You can download the release from SourceForge.


What is new in 4.2?

Here's a quick list of some of the other cool new features and improvements in this release:

  • Extensions functionality
  • Inline (quick) editing of contact fields (email, phone, communications preferences, custom fields) from Contact Summary - CRM-9908
  • Recurring contributions and auto-renew memberships: allow self-service and back-office update and cancellation - CRM-10076
  • Offer donors a choice of payment processors on your online contribution pages - CRM-9850
  • Support for SMS blasts and interactions - CRM-9782
  • Relative date filters on all search forms (e.g. "last month", "this year-to-date") - CRM-9427
  • Improve search filters for mailings and link to advanced search from mailing summaries - CRM-9542
  • Batch (automated) dedupe and merge - CRM-9312
  • Create and send thank-you letters from contribution search - CRM-9998
  • Multiple membership renewal reminders - CRM-8359
  • Batch entry of contributions and membership payments (quick input of batches of checks). Read more here - CRM-9834
  • Replace hard-coded email address in online event registration forms with a reserved profile, and allow online event registration forms to NOT collect email addresses - CRM-9587
  • Support price sets for recurring contributions - CRM-9504

Want to learn more? Check out the complete list of ~75 improvements and bug fixes done in this stable version of 4.2

 

Downloads

You can download the release from SourceForge - select from the civicrm-stable section. The filenames include the 4.2.9 labels, e.g. civicrm-4.2.9-drupal.tar.gz or civicrm-4.2.9-joomla.tar.gz or civicrm-4.2.9-wordpress.tar.gz. Make sure you're downloading the correct version: for Drupal or Joomla or WordPress.

 

New Installations

If you are installing CiviCRM 4.2 from scratch, please use the corresponding automated installer instructions:

 

Upgrading to 4.2

The procedure for upgrading is described in the following documents:

 

Contributors

Community support and engagement is the force that sustains and drives CiviCRM forward. This release would not have been possible without the incredible contributions of these people and organizations:

Abril Rocabert, Adam Wight, Alice Aguilar, Allen Shaw, Andres Spagarino, Andrew Harris, Andrew Hunt, Andrew Walker, Andre Gurgel, Anthony Camilleri, Ariel Gold, Bob Vincent, Brian Shaugnessy, Chris Burgess, Chris Ward, Coleman Watts, Dave D, Dave Moreton, Eileen McNaughton, Erik Brower, Erik Hommel, Frank Gomez, Graylin Kim, Jamie McClelland, Jane Hanley, Jason Bertolacci, Jeroen Bensch, Jim Meehan, Jon Goldberg, Jonathan Mark, Joe Murray, Kasia Wakarecy, Katie Horn, Katy Jockelson, Kellie Brownell, Ken West, Ken Zalewski, Lisa Jervis, Marianela Zucotti Bozzano, Mark Burdett, Mathieu Lutfy, Matt Niemayer, Micah Lee, Michael Daryabeygi, Michael McAndrew, Nicolas Ganivet, Noah Miller, Parvez Saleh, Peter Gehres, Peter McAndrew, Robyn Perry, Samuel Vanhove, Simon West, Stephane Lussier, Steve Colson, Stuart Gaston, Torrance Hodgeson, Xavier Dutoit.

AGH Strategies, Association for Contextual Behavioral Science, Association for Learning Technology, Backoffice Thinking, Circle Interactive, CiviDesk, Community Builders, DC Roadrunners, EE-atWork, Electronic Frontier Foundation, Freeform Solutions, Free Software Foundation, Fuzion (NZ), Giant Rabbit, Gingko Street Labs, Kindling Trust, Koumbit, Korlon, International Mountain Biking Association,  JMA Consulting, Lighthouse Consulting and Design, National Democratic Institute, New York State Senate, Ninjitsu Web Development, Nonprofit Solutions, NS Web Solutions, Palentetech, Progressive Technology Project, River Pool at Beacon, San Francisco Baykeeper,  Switchback, Tech to the People,  The Monthly, Third Sector Design, Veda Consulting, Voluntary Action Westminster,  Woolman Sierra Friends Center, Woven, Zing.

Categories: CiviCRM.org