# 🎊 ChurchCRM 7.0.0 — A Decade of Service

> *Ten years. Thousands of churches. One mission.*

Released: February 2026 · Built on trust since 2015

---

ChurchCRM turns **10 this year**. What started in 2015 as a community-driven project to give churches a free, open-source management tool has grown into a platform serving congregations in **44 languages across six continents**. Version 7.0.0 is our most ambitious release yet — a major leap forward in extensibility, privacy, security, and global reach.

Thank you to every contributor, translator, and congregation that made this decade possible. This one's for you. 🙏

---

> ⚠️ **BEFORE YOU UPGRADE — PHP 8.4 IS REQUIRED**
>
> ChurchCRM 7.0.0 **will not run on PHP 8.3 or earlier**. If your hosting environment has not been upgraded to PHP 8.4, **do not start the upgrade** — your site will break.
>
> **Steps to take before upgrading ChurchCRM:**
> 1. Log into your hosting control panel (cPanel, Plesk, etc.)
> 2. Switch your PHP version to **8.4** or later
> 3. Confirm your site still loads on the current version
> 4. Then proceed with the ChurchCRM 7.0.0 upgrade
>
> If you manage your own server, update PHP via your package manager first. Contact your hosting provider if you are unsure how to change your PHP version.
>
> Additionally: plugin configurations (MailChimp, Vonage, OpenLP, etc.) will need to be re-entered in the new Plugin Manager after upgrade, as integration settings have moved to the plugin architecture.

---

## 🧩 A New Way to Extend ChurchCRM — The Plugin System

The headline feature of 7.0.0 is a brand-new **WordPress-style plugin architecture** that transforms how ChurchCRM integrates with external services.

Previously, integrations like MailChimp, Vonage SMS, and OpenLP were baked into the core application — hard to disable, harder to update. Now they live as first-class plugins with a clean, consistent interface:

- **Enable or disable** any integration without touching core code
- **Test your connection** before saving — a new *Test Connection* button validates credentials live
- **Password fields are masked** in settings to protect sensitive credentials from screen sharing
- **Reset to defaults** in one click when something goes wrong
- **Inject custom content** into page headers or footers via plugin hooks

**Plugins included in 7.0.0:**

| Plugin | What it does |
|--------|-------------|
| 📧 MailChimp | Sync your congregation with your email list |
| 📱 Vonage SMS | Send SMS alerts directly from ChurchCRM |
| 🖥️ OpenLP | Control your presentation software from ChurchCRM |
| 🔒 Gravatar | Profile photos pulled automatically by email |
| 📊 Google Analytics | Track usage with your own GA account |
| ☁️ External Backup (WebDAV) | Cloud backups to Nextcloud, ownCloud, or any WebDAV server |
| 🔗 Custom Menu Links | Add your own links to the navigation sidebar |

The plugin system is designed to grow — future integrations will be plugins from day one.

---

## 🗺️ Maps Without Google — Free & Private by Default

ChurchCRM has replaced its dependency on Google Maps with **Leaflet.js**, the leading open-source mapping library. This change affects every map in the system: family location maps, congregation density views, and address lookups.

**What changed for you:**
- **No Google Maps API key required** — set up maps with zero configuration
- **No API billing** — your church's family data is never sent to Google for rendering
- **Get Directions deep-link** — every family and person view now has a one-click *Get Directions* button that opens the user's preferred maps app (Google Maps, Apple Maps, Waze, etc.)
- **Bing Maps removed** — Bing Maps was retired in June 2025; all references have been cleaned up

---

## 🛡️ Security — Hardened for 2026

This release patches several important vulnerabilities discovered during our ongoing security audit:

- **Stored XSS fixed in Person Property Management** — a crafted property value could execute script in an admin's browser. Fixed and covered by automated tests.
- **XSS fixed in person-list filter dropdowns** — injected markup in search filter values is now properly escaped.
- **Open redirect vulnerability fixed** — the `linkBack` URL parameter now validates that redirects stay within ChurchCRM. External redirect attempts are blocked and logged.
- **Plugin settings no longer leak credentials** — all password/API-key fields render as `type="password"` in the plugin settings UI.

*All three XSS fixes are backed by new Cypress security test suites that will catch regressions in CI.*

---

## 🌍 44 Languages — Translations Powered by Community & AI

ChurchCRM 7.0.0 ships with support for **44 languages**, from Afrikaans to Vietnamese, with active translations maintained by our POEditor community.

New in this release:
- **Browser locale detection** — ChurchCRM now detects your browser's preferred language on first visit and suggests switching if a better match is available (dismissible, version-aware)
- **AI-assisted translation workflow** — the development team has introduced an AI translation pipeline for missing terms, with human review by denomination-aware contributors before publication
- **DataTables fully localized** — the new DataTables v2 upgrade properly applies locale to all interactive tables

Languages with recent translation updates include: Spanish (ES/AR/MX/CO/SV), French, Portuguese (BR/PT), German, Chinese (Simplified/Traditional), Italian, Russian, Ukrainian, Korean, Japanese, Dutch, Polish, Swedish, Norwegian, Finnish, Romanian, Indonesian, and more.

---

## ⚙️ Under the Hood — Platform Modernization

### PHP 8.4 Required
ChurchCRM 7.0.0 requires **PHP 8.4 or later**. This enables use of modern PHP features for safety and performance. If you are on PHP 8.3, please upgrade your hosting environment before updating.

### Two-Factor Authentication Improvements
- QR code library upgraded to **endroid/qr-code v6** with improved generation quality
- 2FA enrollment and management UX fully modernized
- Google 2FA library updated to **pragmarx/google2fa v9.0**
- 2FA enable/require flags are now managed directly from the Users page — no separate system setting needed

### UI Consistency: Complete Bootstrap 4 / AdminLTE 3 Migration
Every remaining page that still used Bootstrap 3 or AdminLTE 2 classes has been updated. ChurchCRM now runs **100% on Bootstrap 4.6.2 and AdminLTE 3** throughout — consistent styling, correct responsive behavior, and no mixed-framework surprises.

### DataTables v2
Interactive tables across the application have been upgraded to **DataTables v2.x**, with the Bootstrap 4 renderer properly initialized and all locale integration corrected.

### Logging Overhaul
- **Monolog upgraded to v3.10** — production-ready structured logging with improved performance
- Log retention reduced from 30 days to **3 days** to prevent disk fill on small servers
- Logger no longer blocks application startup if the log directory is misconfigured

### PHPMailer v7
Email delivery now runs on **PHPMailer v7.0.2**, the latest stable release with security and compatibility improvements.

### Perpl ORM (Propel Fork)
ChurchCRM has migrated from the unmaintained Propel ORM to **Perpl ORM**, an actively maintained community fork that keeps the same API while receiving ongoing bug fixes and PHP 8.4 compatibility updates.

### Server Compatibility
- URL rewrite detection now correctly identifies **Apache, nginx, LiteSpeed, and shared hosting** environments — fixing installation issues on non-Apache stacks
- Subdirectory installations work more reliably across all server types

### Build Tooling
- Migrated from **ESLint + Prettier to Biome** for unified, faster JS/TS linting and formatting
- **Node.js 24 LTS** is now the required runtime for building assets
- **Uppy photo uploader** upgraded to v5.2.0

---

## 🗑️ Removed in 7.0.0

| Removed | Replacement |
|---------|-------------|
| Google Maps API render key | Leaflet.js (no key needed) |
| Bing Maps provider | Leaflet.js (Bing retired June 2025) |
| `bootstrap-toggle` library | Native Bootstrap 4 custom switches |
| `sCSVExportDelimiter` setting | Removed (unused) |
| `bAllowPrereleaseUpgrade` setting | Controlled from the Upgrade page directly |
| Custom Menu Links (core) | Custom Menu Links plugin |
| MailChimp (core) | MailChimp plugin |
| Vonage SMS (core) | Vonage plugin |
| OpenLP (core) | OpenLP plugin |

---

## 🎁 Looking Ahead

Ten years in, ChurchCRM is more active than ever. The plugin system opens the door to a growing ecosystem of community-built integrations. The maps overhaul is the beginning of a broader privacy-by-default initiative. And our localization pipeline — now AI-assisted and human-reviewed — will help us close the remaining translation gaps across all 44 languages.

Whether your congregation has 50 members or 5,000, whether you're in Seoul or São Paulo or Nairobi — ChurchCRM is built for you.

*Here's to the next ten years.* 🎊

---

**Full Changelog**: https://github.com/ChurchCRM/CRM/compare/6.8.1...7.0.0
