Commit | Line | Data |
---|---|---|
9fbbd76e SL |
1 | # CiviCRM 5.13.4 |
2 | ||
3 | Released May 15, 2019 | |
4 | ||
5 | - **[Security advisories](#security)** | |
6 | - **[Features](#features)** | |
7 | - **[Bugs resolved](#bugs)** | |
8 | - **[Miscellany](#misc)** | |
9 | - **[Credits](#credits)** | |
10 | ||
11 | ## <a name="security"></a>Security advisories | |
12 | ||
a8f67d22 | 13 | - **[CIVI-SA-2019-09](https://civicrm.org/advisory/civi-sa-2019-09-xxe-in-phpword)**: XXE in PHPWord |
14 | - **[CIVI-SA-2019-10](https://civicrm.org/advisory/civi-sa-2019-10-tcpdf-xss-and-rce-vulerabilities)**: TCPDF XSS and RCE vulnerabilities | |
15 | - **[CIVI-SA-2019-11](https://civicrm.org/advisory/civi-sa-2019-11-jquery-objectprototype-pollution)**: jQuery Object.prototype pollution | |
16 | - **[CIVI-SA-2019-12](https://civicrm.org/advisory/civi-sa-2019-12-sqli-in-country-et-al)**: SQLI in "Country", et al | |
17 | - **[CIVI-SA-2019-13](https://civicrm.org/advisory/civi-sa-2019-13-harden-against-unserialize-vulnerabilities)**: Harden against unserialize vulnerabilities | |
18 | - **[CIVI-SA-2019-14](https://civicrm.org/advisory/civi-sa-2019-14-sqli-in-apiv3-getoptions)**: SQLI in APIv3 GetOptions | |
19 | - **[CIVI-SA-2019-15](https://civicrm.org/advisory/civi-sa-2019-15-xss-via-forged-mime-type)**: XSS via forged MIME type | |
20 | - **[CIVI-SA-2019-16](https://civicrm.org/advisory/civi-sa-2019-16-sqli-in-certain-checkboxes)**: SQLI in certain checkboxes | |
21 | - **[CIVI-SA-2019-17](https://civicrm.org/advisory/civi-sa-2019-17-sqli-in-manage-events)**: SQLI in "Manage Events" | |
22 | - **[CIVI-SA-2019-18](https://civicrm.org/advisory/civi-sa-2019-18-xss-in-civicrm-installer)**: XSS in CiviCRM installer | |
13558593 | 23 | - **[CIVIEXT-SA-2019-01](https://civicrm.org/advisory/civiext-sa-2019-01-multiple-security-issues-in-apiv4)**: Multiple security issues in APIv4 |