# CiviCRM 5.24.3

Released April 15, 2020

- **[Security advisories](#security)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     |   no    |
| Alter the API?                                                  |   no    |
| Require attention to configuration options?                     |   no    |
| Fix problems installing or upgrading to a previous version?     |   no    |
| Introduce features?                                             |   no    |
| Fix bugs?                                                       |   no    |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM