Commit | Line | Data |
---|---|---|
773a44f8 SL |
1 | # CiviCRM 5.19.2 |
2 | ||
3 | Released November 20, 2019 | |
4 | ||
5 | - **[Security advisories](#security)** | |
9c9fdd0c | 6 | - **[Bugs resolved](#bugs)** |
773a44f8 SL |
7 | - **[Credits](#credits)** |
8 | ||
3019818a SL |
9 | ## <a name="synopsis"></a>Synopsis |
10 | ||
11 | | *Does this version...?* | | | |
12 | |:--------------------------------------------------------------- |:-------:| | |
13 | | **Fix security vulnerabilities?** | **yes** | | |
14 | | Change the database schema? | no | | |
9c9fdd0c | 15 | | Alter the API? | **yes** | |
3019818a SL |
16 | | Require attention to configuration options? | no | |
17 | | Fix problems installing or upgrading to a previous version? | no | | |
18 | | Introduce features? | no | | |
19 | | **Fix bugs?** | **yes** | | |
20 | ||
773a44f8 SL |
21 | ## <a name="security"></a>Security advisories |
22 | ||
ae38f825 | 23 | - **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind): SQL injection in "dedupefind"** |
24 | - **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key): Privilege escalation via leaked key** | |
25 | - **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-poi-saved-search-and-report-instance-apis): PHP object injection via "Saved Search" and "Report Instance" APIs** | |
26 | - **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles): Cross-site scripting in dashboard titles** | |
27 | - **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4): Incorrect storage encoding for APIv4** | |
28 | - **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-civicase-v5-extension): Cross-site scripting in CiviCase v5 extension** | |
bfc92657 | 29 | |
9c9fdd0c | 30 | ## <a name="bugs"></a>Bugs resolved |
3019818a | 31 | |
9c9fdd0c | 32 | - **_Member Summary Report_ - Fix filtering by "Member Since" ([dev/core#1406](https://lab.civicrm.org/dev/core/issues/1406): [15894](https://github.com/civicrm/civicrm-core/pull/15894))** |
33 | - **_Contribution Search_ - Fix issue with displaying cancellation date ([dev/core#1391](https://lab.civicrm.org/dev/core/issues/1391): [15893](https://github.com/civicrm/civicrm-core/pull/15893))** | |
34 | - **_Contribution Search_ - Fix issue where search criteria were applied inconsistently ([dev/core#1374](https://lab.civicrm.org/dev/core/issues/1374): [15896](https://github.com/civicrm/civicrm-core/pull/15896))** | |
35 | - **_Additional Payment Form, Payment API_ - Calculate "Net Amount" automatically. Remove error-prone field from UI. ([dev/core#1409](https://lab.civicrm.org/dev/core/issues/1409): [15889](https://github.com/civicrm/civicrm-core/pull/15889))** | |
3019818a | 36 | |
bfc92657 | 37 | ## <a name="credits"></a>Credits |
38 | ||
39 | This release was developed by the following people, who participated in | |
40 | various stages of reporting, analysis, development, review, and testing: | |
41 | ||
ae38f825 | 42 | Alan Dixon of Blackfly Solutions; Coleman Watts of CiviCRM; Daniel Compton |
43 | of Armadillo Sec Ltd; Dave D; Eileen McNaughton of Wikimedia Foundation; | |
44 | Karin Gerritsen of Semper IT; Kevin Cristiano of Tadpole Collective; Mark | |
45 | Burdett of Electronic Frontier Foundation; Morgan Robinson of Palante | |
46 | Technology Cooperative; Patrick Figel of Greenpeace CEE; Seamus Lee of | |
47 | Australian Greens; Tim Otten of CiviCRM |