[civicrm-core.git] / release-notes / 5.3.1.md

# CiviCRM 5.3.1

Released July 18, 2018

- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
- **[Credits](#credits)**

## <a name="security"></a>Security advisories

- **[CIVI-SA-2018-01](https://civicrm.org/advisory/civi-sa-2018-01-sql-injection-in-get-cases-ajax-api)** SQL injection in get-cases AJAX API
- **[CIVI-SA-2018-02](https://civicrm.org/advisory/civi-sa-2018-02-reflected-xss-in-contribution-reports)** Reflected XSS in Contribution Reports
- **[CIVI-SA-2018-03](https://civicrm.org/advisory/civi-sa-2018-03-reflected-xss-in-error-message)** Reflected XSS in error message
- **[CIVI-SA-2018-04](https://civicrm.org/advisory/civi-sa-2018-04-sql-injection-in-custom-groups)** SQL injection in Custom Groups
- **[CIVI-SA-2018-05](https://civicrm.org/advisory/civi-sa-2018-05-reflected-xss-in-contact-merge-screen)** Reflected XSS in Contact Merge Screen
- **[CIVI-SA-2018-06](https://civicrm.org/advisory/civi-sa-2018-06-reflected-xss-in-context-parameter)** Reflected XSS in "New Membership" Form
- **[CIVI-SA-2018-07](https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform)** Remote Code Execution in QuickForm
Commit	Line	Data
361a4fff SL	1	# CiviCRM 5.3.1
	2
	3	Released July 18, 2018
	4
	5	- [Security advisories](#security)
	6	- [Features](#features)
	7	- [Bugs resolved](#bugs)
	8	- [Miscellany](#misc)
	9	- [Credits](#credits)
	10
	11	## <a name="security"></a>Security advisories
	12
	13	- [CIVI-SA-2018-01](https://civicrm.org/advisory/civi-sa-2018-01-sql-injection-in-get-cases-ajax-api) SQL injection in get-cases AJAX API
	14	- [CIVI-SA-2018-02](https://civicrm.org/advisory/civi-sa-2018-02-reflected-xss-in-contribution-reports) Reflected XSS in Contribution Reports
	15	- [CIVI-SA-2018-03](https://civicrm.org/advisory/civi-sa-2018-03-reflected-xss-in-error-message) Reflected XSS in error message
	16	- [CIVI-SA-2018-04](https://civicrm.org/advisory/civi-sa-2018-04-sql-injection-in-custom-groups) SQL injection in Custom Groups
	17	- [CIVI-SA-2018-05](https://civicrm.org/advisory/civi-sa-2018-05-reflected-xss-in-contact-merge-screen) Reflected XSS in Contact Merge Screen
	18	- [CIVI-SA-2018-06](https://civicrm.org/advisory/civi-sa-2018-06-reflected-xss-in-context-parameter) Reflected XSS in "New Membership" Form
3b1194f1	19	- [CIVI-SA-2018-07](https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform) Remote Code Execution in QuickForm
361a4fff	20