Community Builder 2.0.13 is a maintenance release that fixes 21 bugs and adds 6 new features (PHP 7 compatibility, Bootstrap and Fontawesome updates - see forum discussion for full changelog) paving the way for the upcoming Joomla 3.5 release.
CB 2.0+ websites can be upgraded to latest CB 2.0.13 using the built-in Joomla upgrader or with a simple install over (precautionary backup always recommended) as all previous settings are kept.
The Community Builder and GroupJivePrimer Books have been updated to be compatible with latest software releases. Both also now contain special sections describing how to upgrade from previous releases.
"Security is an ongoing journey: The best way to stay safe is to always stay up-to-date" says Beat (CB Team and JSST - Joomla Security Strike Team member).
The previous Joomla 3.4.6 critical security release triggered an in depth security investigation by the JSST Team to better understand the true nature and cause of this vulnerability.
This "follow the code" process has identified the root cause of this issue down to a specific PHP security bug, already fixed on 4th September 2015 in PHP 5.4.45, 5.5.29 and 5.6.13 (and also in all PHP 7 releases) and also in all major Linux distributions back in September 2015
In an effort to help secure Joomla against poorly maintained hosting environments, the Joomla project has released Joomla 3.4.7 along with Joomla 2.5 and 1.5 code fixes.
This is really important! If you are reading this, you should stop what you are doing and start updating/patching all your websites now.
There is no need to delay. The Joomla 3.4.6 package only addresses the vulnerabilities and will not break anything you have installed upgrading from 3.4.5 to 3.4.6 (including of course Community Builder 2.0.12).
If your website is not patched and your hosting does not have proper security counter-measures (btw - our hosting has already blocked thousands of attackers), you are at risk - protect your websites now !