[civicrm-core.git] / release-notes / 5.24.3.md

# CiviCRM 5.24.3

Released April 15, 2020

- **[Security advisories](#security)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     |   no    |
| Alter the API?                                                  |   no    |
| Require attention to configuration options?                     |   no    |
| Fix problems installing or upgrading to a previous version?     |   no    |
| Introduce features?                                             |   no    |
| Fix bugs?                                                       |   no    |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE; 
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM
Commit	Line	Data
08eb0a2b SL	1	# CiviCRM 5.24.3
	2
	3	Released April 15, 2020
	4
	5	- [Security advisories](#security)
	6	- [Credits](#credits)
	7
	8	## <a name="synopsis"></a>Synopsis
	9
	10	\| Does this version...? \| \|
	11	\|:--------------------------------------------------------------- \|:-------:\|
	12	\| Fix security vulnerabilities? \| yes \|
	13	\| Change the database schema? \| no \|
	14	\| Alter the API? \| no \|
	15	\| Require attention to configuration options? \| no \|
	16	\| Fix problems installing or upgrading to a previous version? \| no \|
	17	\| Introduce features? \| no \|
	18	\| Fix bugs? \| no \|
	19
	20	## <a name="security"></a>Security advisories
	21
6e2652ab TO	22	- [CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API
	23	- [CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure
	24	- [CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization
	25	- [CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports
	26	- [CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity
	27	- [CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder
	28	- [CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs
	29	- [CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries
08eb0a2b SL	30
	31	## <a name="credits"></a>Credits
	32
	33	This release was developed by the following people, who participated in
	34	various stages of reporting, analysis, development, review, and testing:
	35
6e2652ab	36	Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
08eb0a2b SL	37	Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
	38	Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
	39	Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
6e2652ab	40	Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM