Merge pull request #22154 from eileenmcnaughton/n3

[civicrm-core.git] / release-notes / 5.20.0.md

diff --git a/release-notes/5.20.0.md b/release-notes/5.20.0.md
index 53b1f7e495224aaf84b8a1e61cf1bb4e0b7fee55..cd3afb413bf5513dba033a2cf79ba1ef83de76bf 100644 (file)
--- a/release-notes/5.20.0.md
+++ b/release-notes/5.20.0.md
@@ -21,6 +21,10 @@ Released December 4, 2019
 | **Introduce features?**                                         | **yes** |
 | **Fix bugs?**                                                   | **yes** |
 
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
 ## <a name="features"></a>Features
 
 ### Core CiviCRM
@@ -1052,7 +1056,7 @@ Released December 4, 2019
 This release was developed by the following code authors:
 
 a-n The Artists Information Company - William Mortada; AGH Strategies - Alice
-Frumin, Andrew Hunt, Eli Lisseck; Agileware - Pengyi Zhang; Alexy
+Frumin, Andie Hunt, Eli Lisseck; Agileware - Pengyi Zhang; Alexy
 Mikhailichenko; Australian Greens - Seamus Lee; Christian Wach; CiviCoop - Jaap
 Jansma; CiviCRM - Coleman Watts, Tim Otten; CiviDesk - Yashodha Chaku;
 CompuCorp- Camilo Rodriguez, Davi Alexandre, Omar Abu Hussein; Dave D;
@@ -1077,6 +1081,6 @@ Oliver; Skvare - Mark Hanna; OSSeed Technologies LLP - Sushant Paste
 
 ## <a name="feedback"></a>Feedback
 
-These release notes are edited by Alice Frumin and Andrew Hunt.  If you'd like
+These release notes are edited by Alice Frumin and Andie Hunt.  If you'd like
 to provide feedback on them, please log in to https://chat.civicrm.org/civicrm
 and contact `@agh1`.