# 🚀 ChurchCRM 6.0.0 — A New Foundation

> *A complete overhaul, built for modern churches.*

Released: November 2025

---

ChurchCRM 6.0 is a major new release that rebuilds the administration experience from the ground up. After years of incremental improvements, 6.0 replaces outdated pages with a modern, consistent interface — while fixing long-standing security issues and making the upgrade process dramatically safer.

---

## 🏗️ New Administration Experience

The system upgrade flow has been completely rebuilt using a modern MVC architecture. Instead of a fragile, hard-to-maintain legacy page, the new upgrade wizard provides a clear, step-by-step process with real-time feedback and proper error handling.

- **System Upgrade page** redesigned with clean MVC patterns and spinner feedback
- **Setup wizard** improved to handle subdirectory installations and trailing slash routing correctly
- **Admin pages** consolidated and standardized throughout

---

## 🛡️ Security Fixes

- **XSS vulnerabilities fixed in the custom menu system** — injected markup in custom navigation links is now properly escaped
- **Setup wizard path handling hardened** — fixed double-slash in document root paths and improved file path detection
- **Integrity checking** improved for file system validation during setup

---

## 💰 Financial Module Improvements

- **Deposit slip editor** improvements: better fund filtering and UX
- **Financial report edge cases** fixed — fatal errors with orphaned payments prevented
- **Deposit slip** now handles payments without a family association correctly
- **Password reset** page redesigned with Bootstrap 4 layout and standard API patterns
- **Forgot password UX** improved with better error handling and user-friendly messaging

---

## 🌍 Localization

- Locale update pipeline rebuilt and improved
- Updated translations from POEditor

---

## ⚙️ Under the Hood

- **ESLint** added with TypeScript unused-variable checks and CI lint job
- **Cypress tests** refactored to use a shared `setupAdminSession` helper for more reliable and maintainable E2E testing
- Removed unused `verot/class.upload.php` dependency
- Setup wizard no longer depends on `Config.php`

---

**Full Changelog**: https://github.com/ChurchCRM/CRM/compare/v5.20.0...6.0.0
