release-notes/5.10.3.md

   1 # CiviCRM 5.10.3
   2
   3 Released February 20, 2019
   4
   5 - **[Synopsis](#synopsis)**
   6 - **[Security advisories](#security)**
   7 - **[Bugs resolved](#bugs)**
   8 - **[Feedback](#feedback)**
   9
  10 ## <a name="synopsis"></a>Synopsis
  11
  12 | *Does this version...?*                                         |         |
  13 |:--------------------------------------------------------------- |:-------:|
  14 | **Fix security vulnerabilities?**                               | **yes** |
  15 | Change the database schema?                                     |   no    |
  16 | Alter the API?                                                  |   no    |
  17 | Require attention to configuration options?                     |   no    |
  18 | Fix problems installing or upgrading to a previous version?     |   no    |
  19 | Introduce features?                                             |   no    |
  20 | **Fix bugs?**                                                   | **yes** |
  21
  22 ## <a name="security"></a>Security advisories
  23 - **[CIVI-SA-2019-01](https://civicrm.org/advisory/civi-sa-2019-01-weak-access-control-for-file-attachments)**:
  24   Weak access-control for file attachments
  25 - **[CIVI-SA-2019-02](https://civicrm.org/advisory/civi-sa-2019-02-sqli-in-prevnext-cache)**:
  26   SQL Injection in "PrevNext" Cache
  27 - **[CIVI-SA-2019-03](https://civicrm.org/advisory/civi-sa-2019-03-xss-in-logging-details-report)**:
  28   Cross-Site Scripting in "Logging Details" Report
  29 - **[CIVI-SA-2019-04](https://civicrm.org/advisory/civi-sa-2019-04-sqli-in-group-tag-filters)**:
  30   SQL Injection in Group and Tag Filters
  31 - **[CIVI-SA-2019-05](https://civicrm.org/advisory/civi-sa-2019-05-xss-in-new-pledge-form)**:
  32   Cross-Site Scripting in "New Pledge" Form
  33 - **[CIVI-SA-2019-06](https://civicrm.org/advisory/civi-sa-2019-06-xss-in-contact-entity-reference-fields)**:
  34   Cross-Site Scripting in Contact Reference Fields
  35 - **[CIVI-SA-2019-07](https://civicrm.org/advisory/civi-sa-2019-07-limit-cross-domain-execution-by-jquery)**:
  36   Limit Cross-Domain Execution by jQuery
  37
  38 ## <a name="bugs"></a>Bugs resolved
  39
  40 ### Core CiviCRM
  41
  42 - **[dev/core#695](https://lab.civicrm.org/dev/core/issues/695) Custom Search
  43   results selection failure and
  44   [dev/core#679](https://lab.civicrm.org/dev/core/issues/679) Groups and Tags
  45   affect search results when using Search Builder
  46   ([13533](https://github.com/civicrm/civicrm-core/pull/13533))**
  47
  48   This resolves some search regressions introduced in 5.9.0 relating to caching
  49   and custom searches.
  50
  51 - **[dev/core#737](https://lab.civicrm.org/dev/core/issues/737) Mass SMS not
  52   sent when send time is set to immediately
  53   ([13641](https://github.com/civicrm/civicrm-core/pull/13641))**
  54
  55   This resolves an issue where if you selected to send a Bulk SMS immediately
  56   it would not be sent because the scheduled date was set to NULL rather than
  57   the current date and time.
  58
  59 ## <a name="feedback"></a>Feedback
  60
  61 These release notes are edited by Tim Otten and Andrew Hunt.  If you'd like to
  62 provide feedback on them, please login to https://chat.civicrm.org/civicrm and
  63 contact `@agh1`.