release-notes/5.3.1.md

   1 # CiviCRM 5.3.1
   2
   3 Released July 18, 2018
   4
   5 - **[Security advisories](#security)**
   6 - **[Features](#features)**
   7 - **[Bugs resolved](#bugs)**
   8 - **[Miscellany](#misc)**
   9 - **[Credits](#credits)**
  10
  11 ## <a name="security"></a>Security advisories
  12
  13 - **[CIVI-SA-2018-01](https://civicrm.org/advisory/civi-sa-2018-01-sql-injection-in-get-cases-ajax-api)** SQL injection in get-cases AJAX API
  14 - **[CIVI-SA-2018-02](https://civicrm.org/advisory/civi-sa-2018-02-reflected-xss-in-contribution-reports)** Reflected XSS in Contribution Reports
  15 - **[CIVI-SA-2018-03](https://civicrm.org/advisory/civi-sa-2018-03-reflected-xss-in-error-message)** Reflected XSS in error message
  16 - **[CIVI-SA-2018-04](https://civicrm.org/advisory/civi-sa-2018-04-sql-injection-in-custom-groups)** SQL injection in Custom Groups
  17 - **[CIVI-SA-2018-05](https://civicrm.org/advisory/civi-sa-2018-05-reflected-xss-in-contact-merge-screen)** Reflected XSS in Contact Merge Screen
  18 - **[CIVI-SA-2018-06](https://civicrm.org/advisory/civi-sa-2018-06-reflected-xss-in-context-parameter)** Reflected XSS in "New Membership" Form
  19 - **[CIVI-SA-2018-07](https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform)** Remote Code Execution in QuickForm
  20