| 1 | # CiviCRM 4.7.26 |
| 2 | |
| 3 | Released Nov 1, 2017 |
| 4 | |
| 5 | - **[Security advisories](#security)** |
| 6 | - **[Credits](#credits)** |
| 7 | |
| 8 | ## <a name="security"></a>Security advisories |
| 9 | |
| 10 | |
| 11 | - **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-xss-in-html-link-attributes)** XSS in HTML link attributes |
| 12 | - **[CIVI-SA-2017-09](https://civicrm.org/advisory/civi-sa-2017-09-shell-injection-vulerabilty-in-smarty)** Shell injection vulerabilty in Smarty |
| 13 | - **[CIVI-SA-2017-10](https://civicrm.org/advisory/civi-sa-2017-10-xss-scripting-in-preimum-product-name)** XSS scripting in preimum product name |
| 14 | - **[CIVI-SA-2017-11](https://civicrm.org/advisory/civi-sa-2017-11-xss-in-dedupe-rules)** XSS in dedupe rules |
| 15 | - **[CIVI-SA-2017-12](https://civicrm.org/advisory/civi-sa-2017-12-xss-in-tag-description)** XSS in tag description |
| 16 | - **[CIVI-SA-2017-13](https://civicrm.org/advisory/civi-sa-2017-13-selectedchild-url-paramater-not-properly-validated-for-civicrm-message)** SelectedChild URL parameter not properly validated |
| 17 | - **[CIVI-SA-2017-14](https://civicrm.org/advisory/civi-sa-2017-14-xss-in-search-critiera-description)** XSS in Search Critiera Description |
| 18 | - **[CIVI-SA-2017-15](https://civicrm.org/advisory/civi-sa-2017-15-extension-key-not-properly-validated-when-adding-or-disabling-or)** Extension key not properly validated |
| 19 | - **[CIVI-SA-2017-16](https://civicrm.org/advisory/civi-sa-2017-16-sql-injection-risk-in-civireports-listing)** SQL injection risk in CiviReports |
| 20 | |
| 21 | ## <a name="credits"></a>Credits |
| 22 | |
| 23 | This release was developed by the following code authors: |
| 24 | |
| 25 | Australian Greens - Seamus Lee; Left Join Labs - Sean Madsen |
| 26 | |
| 27 | Most authors also reviewed code for this release; in addition, the following |
| 28 | reviewers contributed their comments: |
| 29 | |
| 30 | CiviCRM - Coleman Watts; JMA Consulting - Monish Deb; Wikimedia Foundation - |
| 31 | Eileen McNaughton |