# CiviCRM 5.24.3

Released April 15, 2020

- **[Security advisories](#security)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     | no      |
| Alter the API?                                                  | no      |
| Require attention to configuration options?                     | no      |
| Fix problems installing or upgrading to a previous version?     | no      |
| Introduce features?                                             | no      |
| Fix bugs?                                                       | no      |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM