Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

CiviCRM 5.34.0

Released February 3, 2021


Does this version...?
Fix security vulnerabilities? no
Change the database schema? yes
Alter the API? yes
Require attention to configuration options? yes
Fix problems installing or upgrading to a previous version? yes
Introduce features? yes
Fix bugs? yes


Core CiviCRM

  • Re-Thinking our Crypto implementation (dev/core#2258: 19236, 19251, 19239, 19349, 237, 57, 125, 635, and 57)

    This adds a new framework for encrypting setting values that are stored in the database. An encryption key is defined upon installation, and the key can be rotated using APIv4. Keys can also be managed with a new hook_civicrm_crypto. The system allows for old keys to be retained for decrypting old values even as a new key is used for encrypting new ones.

    The only setting that is changed at this point is the SMTP password, as that was the only setting in core encrypted with CRM_Utils_Crypt. However, this framework is available for extensions and will likely be adopted for other sensitive settings.

    You may optionally configure CIVICRM_CRED_KEYS in civicrm.settings.php upon upgrade. Sites that define smtpPassword in their civicrm.settings.php file may need to update the value. See pull request 19239 for details.

    Meanwhile, CRM_Utils_Crypt is retained (but deprecated) for compatibility with the extensions that use it.

  • Add pre() and post() hooks for ufgroup entity (dev/core#2199: 18995)

    The pre and post hooks are now triggered when modifying profiles.

  • Add a unique event ID so we can match pre/post Insert/Update (19209)

    Makes it so developers can use the event ID to link pre/post Insert/Update events for the same change.

  • Add support for multi-value contact reference custom fields (18941)

    Makes it so users can configure a multi-value contact reference custom field.

  • Add missing state for South Korea (19157)

    This adds the special self-governing city Sejong to the state/province table for South Korea.

  • CRM_Core_Key - Provide more debugging hints about mismatched qfKey values (19145)

    The qfKey now has a prefix that corresponds with the form name.

  • Add min-width to flex columns for responsive layout on small screens (19235)

    This adjusts 2-column layouts on the main CiviCRM dashboard and Search Kit to collapse to 1 column on small screens.

  • APIv4 - Add "Permission.get" for listing available permissions (19115)

    Adds a new API method "Permission.get" to be used for administrative tools that allow one to choose/assign a permission.

  • APIv4: Support relative date range input (19181)

    Extends APIv4 to support relative date range inputs.

  • Free the joins! APIv4 explicit joins - can we remove the requirement for specific columns in the "on" clause? (Work Towards dev/core#2271: 19275)

    Allows greater flexibility in how explicit joins are performed in APIv4.

  • Non translatable fields in profile schema (Work Towards dev/core#527: 19291)

    Ensures the public title is used and translatable for on behalf profiles, confirm pages and thank you pages.

  • Proposal - add hook alterIndices (Work Towards dev/core#2279: 19293 and 19288)

    Adds indexes to and civicrm_group.cache_date.


  • Wording change - change UI parts of contribution soft schema to soft credit (dev/financial#158: 19085)

    Improves user experience of Search Kit/Afform by cleaning up language related to Soft Credits.

  • Cancel first contribution associated to membership, cancels the membership (Work Towards dev/core#927: 19019)

    Completes moving the logic for the contribution statuses "Cancel" and "Fail" from core to the contributioncancelactions extension.

  • Move financial acl warning from FinancialType BAO to extension. (19283)

    Moves more code from core to the financial acls extension.

  • Add ContributionSoft v4 api (19083)

    Adds the Contribution Soft entity to APIv4.

  • Add v4 api for financial type, financial account (19282)

    Adds "Financial Type" and "Financial Account" entities to APIv4.

  • [APIv4] Permit using other SQL functions such as CONCAT within a GROUP_CONCAT (19255)

    Allows for SQL functions such as CONCAT to be used within a GROUP CONCAT, this maybe useful for example when trying to get all the line items associated with a contribution into one field.

  • Add default for boolean fields on financial_type (19281 and 19335)

    Sets default values for the "Financial Type" fields 'is_active' and 'is_reserved'.

  • Improve logging when a contribution is created/updated (19252)

    Improves logging when a Contribution is created/updated to improve the debugging experience.

Search Kit

  • Search kit: Rewrite input widget to support IN sets, relative dates, BETWEEN groups, etc. (19229)

    Overhauls the input widget for all fields in Search Kit so that they support: IN, BETWEEN etc.

  • Search kit: Improve token support (19260)

    Adds a token selector to the Search Kit UI when configuring displays.

WordPress Integration

  • Enhance CiviCRM's integration in WordPress (231)

    Improves user experience for WordPress sites by introducing sub menu items to the WordPress SideBar "CiviCRM" Menu item including:

    • Integration Page
    • Settings Page

Bugs resolved

Core CiviCRM

  • jquery.validate.js update (includes CVE-2021-21252) (dev/core#2324: 19457)

    The jQuery Validate library contained a regular expression that was vulnerable to ReDoS (Regular Expression Denial of Service).

    ReDoS, or Regular Expression Denial of Service, is a vulnerability affecting poorly constructed and potentially inefficient regular expressions which can make them perform extremely badly given a creatively constructed input string.

    This offers security hardening by preventing a user from entering a string that could tie up their browser in validating it.

  • Fix updating custom field schema when toggling search or multiple (18939)

    Fixes a crash & possible data loss when changing a custom field of type "Country" or "State/Province" from a multi-select to single or vice versa.

  • Quick fix on summary actions conflict (19067)

    If multiple extensions insert items with the same weight into the contact summary actions drop-down, this ensures all menu items are displayed.

  • Greenwich: Fix Select2 free-tagging css bug (19225)

    Adds a CSS tweak to Greenwich that fixes a style conflict between Bootstrap and Select2.

  • APIv4: Normalize option list descriptions as plain text (19237)

    Ensures the description field comes through as plain text when fetching option lists from APIv4.

  • Unwanted mail blast sent by Scheduled Reminders (Work Towards dev/core#365: 19068)

    This adds a created_date column to the action_schedule table. This is in anticipation of a change to prevent a newly-created scheduled reminder from triggering reminders that would be due to send prior to the creation of the reminder.

  • Editing a smartgroup created through the search builder renders the new block by force (dev/core#2270: 19257)

    Ensures the new record type and operator line only appear on the new search builder form (not when editing existing smart groups via search builder).

  • Merge all members into the same household when using select fields fails with a db error (dev/core#2272: 19268)

    Fixes a DB Error when exporting contacts using the "Merge Household members into their Households" setting and selecting fields for export.

  • civicrm-setup - Error during, uh, let's call them unit tests, if db port isn't specified (dev/core#2286: 19324)

    Avoids a notice of a missing db port during install.

  • Move non-compliant trigger_error out of logging (dev/core#2241 and dev/core#2240: 19256)

    Makes CRM_Core_Error_Log more PSR3-compliant by not throwing errors itself, and removing dependence on the presence of a .git folder.

  • Tabs at top of extension list are no longer tabs (dev/core#2233: 19138)

    Fixes broken tabs on the profiles administration page.

  • Weird "null" after adding new tagset (dev/core#2234: 19131)

    Ensures the word 'null' is not displayed after adding a new tagset.

  • Stop preventing test runs and dev sites from seeing PHP deprecation notices (19330)

    Ensures notices appear based on the sites error reporting settings.

  • Unable to delete file with brackets in filename via ckeditor/kcfinder (dev/user-interface#25: 304)

  • Obsolete wkhtmltopdfPath causes hard fail in event registration due to internal fatal error for the missing package (dev/core#2028: 19311)

    If the setting for the path to wkhtmltopdf is set, but nothing is there at that path, a system check message will appear and PDF generation will fall back to domPDF.

  • Contact import by CSV fails when string ends with "à" (dev/core#2127: 19241)

    In certain encodings, the à character can have the same byte as a non-breaking space. This ensures that trimming non-breaking spaces does not accidentally snag multi-byte characters that share the same 0xA0 byte.

  • Activity Summary report is missing pagination (dev/core#2174: 19146)

  • Export crashes when many contacts share an address and are merged (dev/core#2211: 19216)

  • Deprecation warnings are implemented backwards (dev/core#2240: 19266)

  • CiviCRM Export, Saved Export Field Mapping that contains custom fields which have been disabled or deleted are still loaded as "clear" values and cause the export download to fail with "DB Error: no such field" (dev/core#2242: 19199)

  • Inline email edit form fails to set is_bulkmail flag (dev/core#2254: 19224)

  • Accept PHP memory_limit of -1 as meeting requirement (19340)

  • Fix hook_civicrm_permission upgrade failure. Defer system-flush to 'upgrade.finish' phase. (19346)

    On Drupal and Backdrop sites, the system flush was triggered after each incremental database update. It is now deferred until the end of the upgrade process.

  • Fix APIv3 profile.getfields to return correctly keyed phone field (19321)

  • Reports don't filter with empty custom fields (dev/core#2173: 19057)

  • Fatal error on contribution summary report (and probably others) when adding contacts to group (19250)

    This disables full group by mode for reports that are not optimized to work with it.

  • Stop passing ids as reference (19204)

  • Fix extensions tabs following deprecation of old tab code (19130)

  • php 7.4 compatibility (19355, 19350, 19331, 19353 and 19354)

    Assorted changes to make the code compatible with php 7.4.




  • Error creating thank you letter with multiple contributions (dev/core#2344: 19480, 19481, and 19482)

    This resolves an invalid currency error when generating a thank you letter grouping multiple contributions per contact.

  • fix email receipt flag for recurring record (19299)

    Ensures receipts are not sent for each recurring payment.

  • Owner notification email sending before payment (Work Towards dev/core#521: 19259)

    Code clean up towards ensuring that owner notification emails do not get sent before the payment is made.

  • Fully remove contributionTypeID (Work Towards dev/financial#163: 19174 and 19166)

    Work to remove legacy references to contributionTypeID.

  • Line items are added from default price set on recurring contributions for financial types with tax accounts. (dev/financial#159: 19086)

  • Allocation of "fee amount" is incorrect if fee is added after contribution is created (dev/financial#160: 19152)

  • Owner notification email sending every time the contribution is resaved (dev/core#537: 19095)

  • Default currency shown on invoices if payment is made with different currency (dev/core#2269: 19290)

  • Contact type incorrectly set to Contribution due to 'Honoree Profile' (dev/core#2273: 19277)

  • Disable frequency/interval fields if not required on backend contribution forms (17889)

  • Fix Contribution.tpl mismatched ts. (19343)

  • Fix preferred repeattransaction flow to correctly create the activity contacts for the contribution (19200)

  • Fix pledge on contribution page when the site has a Word Replacement for "contribution" (19238)

  • Fix Contribution.create to not attempt to set contacts on activity update (19202)

  • Allow Sendconfirmation api to override pay later receipt text (19129)


  • New Event using a template - clicking "Continue" doesn't save custom data (dev/core#766: 19308)

  • Use the proper content type for ICalendar link (dev/core#2282: 19316)

    The iCalendar feed link now specifies that it is text/calendar so it will be handled correctly if the icon is clicked.

  • Import Participants fails (dev/core#2348: 19483)

    This was an unreleased regression in 5.34.beta.

  • Manage Event: avoid E_NOTICE in smarty (19137)

  • Fatal error Incorrect datetime value: '0' for column 'transaction_date' when editing a participant record and recording payment with no received date (dev/core#2251: 19307)

  • Allow overriding participant_status_id in Order API (18096)


  • Proposal replace PEAR mailer classes in core extension (Work Towards dev/core#2159: 18905)

    Handles exceptions in Mail:send class.


  • Simplify decision as to whether to use a pdf on membership emails (dev/financial#162: 19165)

    Makes decision to include a PDF in Membership emails dependent on settings instead of whether the tax-amount is non-zero.

  • Membership renewal with 0 tax creating extra line item (dev/core#2024: 18838)


  • Rename PledgePayment create function (19298)

    Standardizes create function for a pledge payment.

  • Pledge: mark needed fields as required in schema (19309)

Joomla Integration

  • distmaker - Don't require dummy config file for building Joomla (19357)

WordPress Integration

  • Mailing default domain error: force a backend URL for WP (19319)

  • Allow wp-cli upgrade command to proceed when there is only a single settings file (224)

  • Prevent "add_action" from being called multiple times (dev/core#2217: 19061)


  • Membership BAO - do not require date fields to be passed in on update (18794)

  • Rename internal references to contributionTypeId (19169)

  • Switch to non-static functions (19164)

  • Duplicate processFormContribution only Membership form (19211)

  • Only do cms account create from the one relevant place (19234)

  • Convert previously shared function from static to non-static (19231)

  • Fix Payment edit form to use Payment.cancel & payment.create api (19116)

  • Fold deprecated function into the only function that calls it (19270)

  • Use specific function when formatting money for a default (19285)

  • Stop using refresh_date in civicrm_group table (19287)

  • Simplify handling of ids in now that related_contact is no longer used (19273)

  • CRM_Member_Form_MembershipRenewalTest - Started failing circa Jan 1, 2021 (dev/core#2284: 19306)

  • preliminary cleanup - extract a couple of functions in the payment processor form for readability (Work Towards dev/financial#157: 19072)

  • finish 'this round' of completeOrder cleanup (Work Towards dev/financial#152: 19017)

  • Squash 2 if clauses into 1 (19190)

  • Clean up error handling in legacy functions in import parser (19160)

  • Unused writeLegacyWarnings() in PropertyBag (19167)

  • Update docs links (624)

  • Preliminary cleanup -remove unused params from function signature (19110)

  • Minor code cleanup (19220)

  • Move processConfirm function from Utils file back to form class (19212)

  • Remove use of ignoreException from SMTP settings form (19315)

  • Remove constant CIVICRM_MYSQL_STRICT (dev/core#2252: 19244)

  • Removes default for is_active & is_reserved since they now have DB defaults (19296)

  • Remove code to retrieve premium data (19262)

  • Remove use of ignoreException on import form (19314)

  • Remove unreachable customGroup section in online event receipt (19069)

  • Remove never-used IMAP_XOAUTH2 option value before it gets more confusing (dev/core#2264: 19243)

  • Remove the print_array modifier as it is now supplied in civicrm-core (314)

  • Remove deprecated function (19213)

  • Remove some more variable variables + some test cleanup (19208)

  • Remove unreachable code. (19203)

  • Remove some deprecated code chunks (19191)

  • Remove extraneous elses (19182)

  • Remove obsolete IF (19108)

  • Remove extraneous elses (19171)

  • Remove extraneous handling duplicated from createProfileContact (19109)

  • Remove or hard-code variables from previously shared function (19227)

  • Remove code deprecated +1 year ago - case_from_XX / case_to_XXX search parameters (19158)

  • Remove extraneous elses (19168)

  • Remove meaningless calls to ignoreException (19155)

  • Remove some unused variables (19156)

  • Remove functions from EmailCommon that were moved to the trait (19214)

  • Remove duplicated tax assignments from copied code (19228)

  • Remove unused tpl assigns (19226)

  • Remove all handling related to pledge, cms user from newly separated function (19222)

  • [REF] Extract determination of subscription status information (19193)

  • [REF] extract getIdsOfMatchingContact (19172)

  • [REF] Extract function to retrieve the membership labels. (18854)

  • REF Allow for fields of type Blob or Mediumblob in Apiv4 (19196)

  • #REF Migrate the print_array smarty plugin from in packages into core… (19206)

  • [REF] Move function to shared parent so MemberForm can use it too (19205)

  • [REF] Relocate function from DeprecatedUtils to the class that actually calls it (19247)

  • [REF] Clean up on $ids['contribution'] (19207)

  • [REF] Simplify membership form code towards simplifying BAO (18855)

  • [REF] Convert previously shared function to non-static, remove unrelated code (19258)

  • [REF] Move another deprecated function to the class that uses it (19253)

  • [REF] Switch to using shared function to call deprecated function (19246)

  • [REF] Relocate another function from DeprecatedUtils to the calling c… (19249)

  • REF use addRadio function to add in the radio fields to these forms (19265)

  • [REF] Relocate another deprecated utils function to the only class that calls it. (19248)

  • [REF] Deprecate passing a blank currecny to CRM_Utils_Money::format a… (19099)

  • [REF] Fix tax_amount to be consistent & load from the templateContribution (19274)

  • [REF] Unshared another function back onto Membership_Form (19269)

  • [REF] Unshare code to build an array of params for the recurring contribution (19271)

  • [REF] Extract duplicate handling code (19103)

  • [REF] Duplicate possibly-used parts of createProfileContact onto Parser_Contact (19098)

  • [REF] use early return for errors rather than confusing assignment (19102)

  • [REF] Remove unreachable code (19279)

  • [REF] Minor cleanup, remove variable variables (19292)

  • REF use centralised addRadio function more (19272)

  • (REF) Civi\Test\Invasive - Add helper for checking protected/private members (19294)

  • [REF] Move another deprecated function back to the only class that calls it (19300)

  • [REF] Minor cleanup on contactGroup function (19286)

  • [REF] Remove some variables not relevant to backoffice member form (19284)

  • [REF] Rationalise financialType variable (19280)

  • [REF] Extract code that assigns isPendingOutcome variable on thank yo… (19232)

  • [REF] extract and share code to determine if required contact fields are present (19302)

  • [REF] Fix import signature on activity parser, add preliminary test (19301)

  • Add test to check pcp notification is sent (19117)

  • Extend test to cover membership logs (19023)

  • [tests] Fix join syntax conversion for APIv4 in v3 unit tests (19318)

  • (NFC) DispatchPolicy - Add comments to docblock (19215)

  • [NFC] Convert civi.tag-deprecated to use central function (19179)

  • (NFC) Fix issue reporting link to go to the corresponding core project. (19240)

  • [NFC] Cleanup in test class (19322)

  • [NFC] Code reformat pledge class (19336)

  • [NFC] Fix Contribution Soft Credit entity translation (19351 and 19359)

  • NFC When printing out the result of the correctly update in single va… (19198)

  • [NFC] Update comments in CRM/Core/Key (19197)

  • (POC#C) MembershipRenewalTest - Address assertions that started failing circa Jan 1, 2021 (19305)

  • REF Bump the composer-compile-plugin version (19377)

  • Test framework - API4 DateTest::testRelativeDateRanges will fail on the last day of Jan, Mar, May, Aug, Oct (dev/core#2339: 19466)

  • Fix for ReportTest when launching a pdf (19497)

    This fixes a unit test failure caused by a recent merge on testing Report output.

  • Enotice fix (19201)

  • Fix notice error on using max() with only one variable (19149)

  • Minor typos in schema files (19142)


This release was developed by the following code authors:

AGH Strategies - Alice Frumin, Andrew Hunt; Agileware - Francis Whittle; Bluehorn Digital - Matt Glaman; CEDC - Laryn Kragt Bakker; Christian Wach; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Sunil Pawar, Yashodha Chaku; CompuCorp - Ahed; Coop SymbioTIC - Mathieu Lutfy; Dave D; Fuzion - Jitendra Purohit; iXiam - César Ramos, Vangelis Pantazis; Jarek; JMA Consulting - Monish Deb, Seamus Lee; lucky091588; maynardsmith; Megaphone Technology Consulting - Jon Goldberg; MJCO - Mikey O'Toole; MJW Consulting - Matthew Wire; Nishant Bhorodia; Tadpole Collective - Kevin Cristiano; Wikimedia Foundation - Eileen McNaughton

Most authors also reviewed code for this release; in addition, the following reviewers contributed their comments:

Agileware - Justin Freeman; Artful Robot - Rich Lott; iXiam - Luciano Spiegel; JMA Consulting - Joe Murray; Joinery - Allen Shaw; Nicol Wistreich; Semper IT - Karin Gerritsen; Third Sector Design - Michael McAndrew


These release notes are edited by Alice Frumin and Andrew Hunt. If you'd like to provide feedback on them, please log in to and contact @agh1.