projects / civicrm-core.git / blame
| Commit | Line | Data |
|---|---|---|
| 773a44f8 SL |
1 | # CiviCRM 5.19.2 |
| 2 | ||
| 3 | Released November 20, 2019 | |
| 4 | ||
| 5 | - **[Security advisories](#security)** | |
| 773a44f8 SL |
6 | - **[Credits](#credits)** |
| 7 | ||
| 3019818a SL |
8 | ## <a name="synopsis"></a>Synopsis |
| 9 | ||
| 10 | | *Does this version...?* | | | |
| 11 | |:--------------------------------------------------------------- |:-------:| | |
| 12 | | **Fix security vulnerabilities?** | **yes** | | |
| 13 | | Change the database schema? | no | | |
| 14 | | Alter the API? | no | | |
| 15 | | Require attention to configuration options? | no | | |
| 16 | | Fix problems installing or upgrading to a previous version? | no | | |
| 17 | | Introduce features? | no | | |
| 18 | | **Fix bugs?** | **yes** | | |
| 19 | ||
| 773a44f8 SL |
20 | ## <a name="security"></a>Security advisories |
| 21 | ||
| 22 | - **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind)**: SQLI in dedupefind | |
| 23 | - **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key)**: Privilege Escalation via Leaked Key | |
| dd09976d | 24 | - **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-poi-saved-search-and-report-instance-apis)**: POI via Saved Search and Report Instance APIs |
| 773a44f8 SL |
25 | - **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles)**: XSS in Dashboard Titles |
| 26 | - **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4)**: Incorrect storage encoding for APIv4 | |
| cad10329 | 27 | - **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-civicase-v5-extension)**: XSS in CiviCase v5 Extension. |
| bfc92657 | 28 | |
| 3019818a SL |
29 | ## <a name="bugs"></a>Bugs Resolved |
| 30 | ||
| 31 | - **([dev/core#1406](https://lab.civicrm.org/dev/core/issues/1406)) Report - Fix Filtering my Member shince in Member Summary Report: (bacport [15894](https://github.com/civicrm/civicrm-core/pull/15894))** | |
| 32 | - **([dev/core#1391](https://lab.civicrm.org/dev/core/issues/1391)) Contribution Search - Fix issue where the cancel date was not being loaded which meant that cancelled contributions were not being greyed out: (backport [15893](https://github.com/civicrm/civicrm-core/pull/15893))** | |
| 33 | - **([dev/core#1374](https://lab.civicrm.org/dev/core/issues/1374)) Contribution Search - Fix issue where after editing or clicking on the next link on a pager the form values would be lost when running the query and all contributions would be returned (backport [15896](https://github.com/civicrm/civicrm-core/pull/15896))** | |
| 34 | - **([dev/core#1409](https://lab.civicrm.org/dev/core/issues/1409)) Additional Payment Form - Remove net amount field as causing problems when entering a refund as net amount wasn't being validated properly and should only be calculated. (backport [15889](https://github.com/civicrm/civicrm-core/pull/15889))** | |
| 35 | ||
| bfc92657 | 36 | ## <a name="credits"></a>Credits |
| 37 | ||
| 38 | This release was developed by the following people, who participated in | |
| 39 | various stages of reporting, analysis, development, review, and testing: | |
| 40 | ||
| 41 | Alan Dixon of Blackfly Solutions; Coleman Watts of CiviCRM; Daniel Compton of | |
| 42 | Armadillo Sec Ltd; Eileen McNaughton of Wikimedia Foundation; Kevin Cristiano of | |
| 43 | Tadpole Collective; Patrick Figel of Greenpeace CEE; Seamus Lee of Australian | |
| 3019818a | 44 | Greens; Tim Otten of CiviCRM; Mark Burdett of Electronic Frontier Foundation; |