# Changelog

All notable changes to ChurchCRM are documented here and on the [GitHub Releases page](https://github.com/ChurchCRM/CRM/releases).

Release notes are stored in the [`changelog/`](./changelog/) folder — one file per version.

---

## Releases

| Version | Date | Highlights |
|---------|------|------------|
| [7.4.0](./changelog/7.4.0.md) | June 2026 | ChurchCRM 7.4.0 refines security and improves user experience with UI enhancements

Redesigned single-card login interface, enhanced password reset security with cryptographic tokens, export controls limited to administrators, Slovak language support added, Docker images now run as non-root user |
| [7.3.3](./changelog/7.3.3.md) | May 2026 | ChurchCRM 7.3.3 strengthens stability with security hardening and installation fixes

Subdirectory navigation fixes, automatic database port defaults, configuration file access blocking, safe event/group deletions, CSV country auto-detection |
| [7.3.2](./changelog/7.3.2.md) | May 2026 | ChurchCRM 7.3.2 hardens security and refines data workflows

Configuration file access blocking, safe group/event deletion with orphan cleanup, member import respects default country setting, kiosk event dropdown displays dates, 1760 translation updates across 40 locales |
| [7.3.1](./changelog/7.3.1.md) | April 2026 | ChurchCRM 7.3.1 enhances security and modernizes note management for congregations

Shared family timeline with synchronized notes, professional-grade REST API security for pastoral notes, API lockout and 2FA protection restored, Kiosk 60-second smart-refresh reduces network load, lazy-loading plugin system with remote registry |
| [7.3.0](./changelog/7.3.0.md) | April 2026 | ChurchCRM 7.3.0 expands customization with plugins and fixes timezone issues, Community Plugin System, Timezone refactoring for wall-clock precision, Kiosk support for all group types, Timeline filters on member profiles, Regional language grouping |
| [7.2.2](./changelog/7.2.2.md) | April 2026 | CSRF hardening (GHSA-3xq9-c86x-cwpp), person delete fix, orphaned images cleanup, 41 locales |
| [7.2.1](./changelog/7.2.1.md) | April 2026 | Permission consolidation, admin menu bypass fix, photo cache bust, FrankenPHP redirect fix |
| [7.2.0](./changelog/7.2.0.md) | April 2026 | Event MVC epic, responsive design guidelines, 27 locales translated, GA4 tracking, mobile UX |
| [7.1.2](./changelog/7.1.2.md) | April 2026 | User settings redesign, CSV import fields, MvcAppFactory, React removal |
| [7.1.1](./changelog/7.1.1.md) | April 2026 | Stored XSS fix, CSP hardening, notification system redesign, CSS cleanup |
| [7.1.0](./changelog/7.1.0.md) | April 2026 | Tabler/BS5 UI overhaul, 46 locales, security hardening, export hub, Functions.php removal |
| [7.0.5](./changelog/7.0.5.md) | March 2026 | Effortless upgrades, mapping precision, 100% translations |
| [7.0.4](./changelog/7.0.4.md) | March 2026 | Smoother upgrades, standardized logging, geocoding refinements |
| [7.0.3](./changelog/7.0.3.md) | March 2026 | Maps improvements, Church Info page, FrankenPHP support |
| [7.0.2](./changelog/7.0.2.md) | March 2026 | Bug fixes, form validation, timezone handling |
| [7.0.1](./changelog/7.0.1.md) | March 2026 | API docs, bug fixes, developer workflow improvements |
| [7.0.0](./changelog/7.0.0.md) | February 2026 | Plugin system, Leaflet maps, PHP 8.4, 10th anniversary |
| [6.8.1](./changelog/6.8.1.md) | February 2026 | XSS fix, timezone precision, safer upgrades |
| [6.8.0](./changelog/6.8.0.md) | January 2026 | Redesigned Check-in Kiosk, CSV export open to all users |
| [6.7.3](./changelog/6.7.3.md) | January 2026 | Locale update |
| [6.7.2](./changelog/6.7.2.md) | January 2026 | Person Properties XSS patch (GHSA-8r36-fvxj-26qv) |
| [6.7.1](./changelog/6.7.1.md) | January 2026 | 4 security fixes, event editor fix, tax report memory fix |
| [6.7.0](./changelog/6.7.0.md) | January 2026 | Pledge Dashboard integrated, code quality, phone improvements |
| [6.6.1](./changelog/6.6.1.md) | December 2025 | Deposit report fixes, event editor, group properties |
| [6.6.0](./changelog/6.6.0.md) | December 2025 | Afrikaans/Arabic 100%, Pledge Dashboard, phone mask |
| [6.5.4](./changelog/6.5.4.md) | December 2025 | Opcache fix for upgrades, API field fixes |
| [6.5.3](./changelog/6.5.3.md) | December 2025 | ChMeetings export, user management MVC, API error handling |
| [6.5.2](./changelog/6.5.2.md) | December 2025 | Person API stability fix |
| [6.5.1](./changelog/6.5.1.md) | December 2025 | Asset cache-busting, system logs fix |
| [6.5.0](./changelog/6.5.0.md) | December 2025 | Global search redesign, photo overhaul, simplified families |
| [6.4.0](./changelog/6.4.0.md) | December 2025 | 🔴 Critical: SQL injection × 3, stored XSS — upgrade immediately |
| [6.3.0](./changelog/6.3.0.md) | December 2025 | Person/Family editor redesign, Finance module, security hardening |
| [6.2.0](./changelog/6.2.0.md) | November 2025 | Finance reports, admin consolidation, server info |
| [6.1.0](./changelog/6.1.0.md) | November 2025 | Smarter upgrade detection |
| [6.0.2](./changelog/6.0.2.md) | November 2025 | Login session stability |
| [6.0.1](./changelog/6.0.1.md) | November 2025 | Deposit editor, setup fixes |
| [6.0.0](./changelog/6.0.0.md) | November 2025 | New foundation: admin redesign, upgrade wizard, security fixes |

---

*For releases prior to 6.0.0, see the [GitHub Releases archive](https://github.com/ChurchCRM/CRM/releases).*
