| **Introduce features?** | **yes** |
| **Fix bugs?** | **yes** |
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
## <a name="features"></a>Features
### Core CiviCRM