# CiviCRM 5.10.3
Released February 20, 2019
- **[Synopsis](#synopsis)**
- **[Security advisories](#security)**
- **[Bugs resolved](#bugs)**
- **[Feedback](#feedback)**
## Synopsis
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?** | **yes** |
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
| **Fix bugs?** | **yes** |
## Security advisories
- **[CIVI-SA-2019-01](https://civicrm.org/advisory/civi-sa-2019-01-weak-access-control-for-file-attachments)**:
Weak access-control for file attachments
- **[CIVI-SA-2019-02](https://civicrm.org/advisory/civi-sa-2019-02-sqli-in-prevnext-cache)**:
SQL Injection in "PrevNext" Cache
- **[CIVI-SA-2019-03](https://civicrm.org/advisory/civi-sa-2019-03-xss-in-logging-details-report)**:
Cross-Site Scripting in "Logging Details" Report
- **[CIVI-SA-2019-04](https://civicrm.org/advisory/civi-sa-2019-04-sqli-in-group-tag-filters)**:
SQL Injection in Group and Tag Filters
- **[CIVI-SA-2019-05](https://civicrm.org/advisory/civi-sa-2019-05-xss-in-new-pledge-form)**:
Cross-Site Scripting in "New Pledge" Form
- **[CIVI-SA-2019-06](https://civicrm.org/advisory/civi-sa-2019-06-xss-in-contact-entity-reference-fields)**:
Cross-Site Scripting in Contact Reference Fields
- **[CIVI-SA-2019-07](https://civicrm.org/advisory/civi-sa-2019-07-limit-cross-domain-execution-by-jquery)**:
Limit Cross-Domain Execution by jQuery
## Bugs resolved
### Core CiviCRM
- **[dev/core#695](https://lab.civicrm.org/dev/core/issues/695) Custom Search
results selection failure and
[dev/core#679](https://lab.civicrm.org/dev/core/issues/679) Groups and Tags
affect search results when using Search Builder
([13533](https://github.com/civicrm/civicrm-core/pull/13533))**
This resolves some search regressions introduced in 5.9.0 relating to caching
and custom searches.
- **[dev/core#737](https://lab.civicrm.org/dev/core/issues/737) SMS not sent if
"Send Immediately" option is chosen on the last screen
([13641](https://github.com/civicrm/civicrm-core/pull/13641))**
This resolves an issue where if you selected to send a Bulk SMS immediately
it would not be sent because the scheduled date was set to `NULL` rather than
the current date and time.
## Feedback
Security release notes are edited by Seamus Lee and Tim Otten, and release
notes generally are edited by Andrew Hunt. If you'd like to provide
feedback on them, please login to https://chat.civicrm.org/civicrm and
contact `@agh1`.