# CiviCRM 5.19.2

Released November 20, 2019

- **[Security advisories](#security)**
- **[Bugs resolved](#bugs)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?** | **yes** |
| Change the database schema? | no |
| Alter the API? | **yes** |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
| **Fix bugs?** | **yes** |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind): SQL injection in "dedupefind"**
- **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key): Privilege escalation via leaked key**
- **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-poi-saved-search-and-report-instance-apis): PHP object injection via "Saved Search" and "Report Instance" APIs**
- **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles): Cross-site scripting in dashboard titles**
- **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4): Incorrect storage encoding for APIv4**
- **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-civicase-v5-extension): Cross-site scripting in CiviCase v5 extension**

## <a name="bugs"></a>Bugs resolved

- **_Member Summary Report_ - Fix filtering by "Member Since" ([dev/core#1406](https://lab.civicrm.org/dev/core/issues/1406): [15894](https://github.com/civicrm/civicrm-core/pull/15894))**
- **_Contribution Search_ - Fix issue with displaying cancellation date ([dev/core#1391](https://lab.civicrm.org/dev/core/issues/1391): [15893](https://github.com/civicrm/civicrm-core/pull/15893))**
- **_Contribution Search_ - Fix issue where search criteria were applied inconsistently ([dev/core#1374](https://lab.civicrm.org/dev/core/issues/1374): [15896](https://github.com/civicrm/civicrm-core/pull/15896))**
- **_Additional Payment Form, Payment API_ - Calculate "Net Amount" automatically. Remove error-prone field from UI. ([dev/core#1409](https://lab.civicrm.org/dev/core/issues/1409): [15889](https://github.com/civicrm/civicrm-core/pull/15889))**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Alan Dixon of Blackfly Solutions; Coleman Watts of CiviCRM; Daniel Compton
of Armadillo Sec Ltd; Dave D; Eileen McNaughton of Wikimedia Foundation;
Karin Gerritsen of Semper IT; Kevin Cristiano of Tadpole Collective; Mark
Burdett of Electronic Frontier Foundation; Morgan Robinson of Palante
Technology Cooperative; Patrick Figel of Greenpeace CEE; Seamus Lee of
Australian Greens; Tim Otten of CiviCRM