# CiviCRM 5.19.4

Released December 4, 2019

- **[Synopsis](#synopsis)**
- **[Bugs resolved](#bugs)**
- **[Credits](#credits)**
- **[Feedback](#feedback)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     |   no    |
| Alter the API?                                                  |   no    |
| Require attention to configuration options?                     |   no    |
| Fix problems installing or upgrading to a previous version?     |   no    |
| Introduce features?                                             |   no    |
| **Fix bugs?**                                                   | **yes** |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): CSRF in APIv4 AJAX endpoint**

## <a name="bugs"></a>Bugs resolved

**_Event Search_: Fix Name badge generation from Event Search ([dev/core#1422](https://lab.civicrm.org/dev/core/issues/1422):
  [#15984](https://github.com/civicrm/civicrm-core/pull/15984))**
**_Smart Groups_: Fix smart groups that had stored form values for custom fields that are search by range that are not of type date ([#15977](https://github.com/civicrm/civicrm-core/pull/15977))**

## <a name="credits"></a>Credits

This release was developed by the following authors and reviewers:

Wikimedia Foundation - Eileen McNaughton; Greenpeace CCE - Patrick Figel;
Seamus Lee - Australian Greens; Tim Otten - CiviCRM

## <a name="feedback"></a>Feedback

These release notes are edited by Tim Otten and Andrew Hunt.  If you'd like to
provide feedback on them, please login to https://chat.civicrm.org/civicrm and
contact `@agh1`.