# CiviCRM 5.24.3

Released April 15, 2020

- **[Security advisories](#security)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     | no      |
| Alter the API?                                                  | no      |
| Require attention to configuration options?                     | no      |
| Fix problems installing or upgrading to a previous version?     | no      |
| Introduce features?                                             | no      |
| Fix bugs?                                                       | no      |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM