Skip to content
Snippets Groups Projects

CiviCRM v5.49 Schedule Reminder Notice

Last edited by totten

Overview

"Scheduled Reminders" in v5.49.0 may store incorrect configuration data - in which case, the system may send extra notifications to all contacts. The issue is generally fixed in v5.49.2+, but some configurations should be reviewed.

For analysis and discussion, see #3464 (closed) and #3465 (closed)

(This page is ever-green and may be updated if recommendations or techniques change.)

Current Recommendations

The recommendations depend on your current version:

Current Version Recommendation
5.48.x or older Upgrade to 5.49.2+ at your leisure. You will not be affected by this advisory.
5.49.beta, 5.49.0, 5.49.1 Upgrade to 5.49.2+ as soon as possible.
After upgrading, review the "Scheduled Reminders".
If you cannot upgrade, then disable "Scheduled Reminders".

Affected data

The issue arises from a subtle schema change in the "Scheduled Reminder" entity, which includes a field named "Limit or Add Recipients" (civicrm_action_schedule.limit_to):

Edit Scheduled Reminder

In 5.49.0, the first option ("-neither-") is stored incorrectly -- it is converted to "Also include". This erroneous conversion affected pre-existing reminders (#3464 (closed)) as well as new and updated reminders (#3465 (closed)).

Option Stored Value (5.48) Stored Value (5.49.0) Stored Value (5.49.2)
"-neither-" limit_to=null limit_to=0 (incorrect) limit_to=null
"Limit to" limit_to=1 limit_to=1 limit_to=1
"Also include" limit_to=0 limit_to=0 limit_to=0

The upgrade for 5.49.2 re-enables storage for all three options.

Additionally, 5.49.2 examines the overall settings and restores the limit_to option, converting from "Also include" (limit_to=0) back to "-neither-" (limit_to=null). It should restore very problematic records (ones which massively overcommunicate) and easy records (which have clearcut histories).

However, it may not restore all records. From a database perspective, it is not possible to automatically distinguish between:

  1. Records which are truly set to "Also include".
  2. Records which were recently set "-neither-" but which historically used a value of "Also include".

If your system has any ambiguous "Scheduled Reminders" (where it cannot distinguish #1 and #2), then the upgrader will encourage you to review those records manually.

Comments

    Please register or sign in to add a comment.