# CiviCRM 5.24.3
Released April 15, 2020
- **[Security advisories](#security)**
- **[Credits](#credits)**
## Synopsis
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?** | **yes** |
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
| Fix bugs? | no |
## Security advisories
- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**
## Credits
This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:
Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM