| **Introduce features?** | **yes** |
| **Fix bugs?** | **yes** |
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
## <a name="features"></a>Features
### Core CiviCRM
This release was developed by the following code authors:
a-n The Artists Information Company - William Mortada; AGH Strategies - Alice
-Frumin, Andrew Hunt, Eli Lisseck; Agileware - Pengyi Zhang; Alexy
+Frumin, Andie Hunt, Eli Lisseck; Agileware - Pengyi Zhang; Alexy
Mikhailichenko; Australian Greens - Seamus Lee; Christian Wach; CiviCoop - Jaap
Jansma; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Yashodha Chaku;
CompuCorp- Camilo Rodriguez, Davi Alexandre, Omar Abu Hussein; Dave D;
## <a name="feedback"></a>Feedback
-These release notes are edited by Alice Frumin and Andrew Hunt. If you'd like
+These release notes are edited by Alice Frumin and Andie Hunt. If you'd like
to provide feedback on them, please log in to https://chat.civicrm.org/civicrm
and contact `@agh1`.