# CiviCRM 5.19.2

Released November 20, 2019

- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
- **[Credits](#credits)**

## <a name="security"></a>Security advisories

- **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind)**: SQLI in dedupefind
- **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key)**: Privilege Escalation via Leaked Key
- **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-remote-code-execution-via-saved-search-and-report-instance-apis)**: RCE in Saved Search and Report Instance APIs
- **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles)**: XSS in Dashboard Titles
- **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4)**: Incorrect storage encoding for APIv4
- **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-case-subject-when-edited-in-line-using-civicase-extension)**: XSS in case subject when edited in line using the CiviCase Extension.