projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #17253 from mattwire/utf8convertblocksize
[civicrm-core.git] / release-notes / 5.20.0.md
diff --git a/release-notes/5.20.0.md b/release-notes/5.20.0.md
index 53b1f7e495224aaf84b8a1e61cf1bb4e0b7fee55..d807c62451c44809daece172d7585d75a56ab836 100644 (file)
--- a/release-notes/5.20.0.md
+++ b/release-notes/5.20.0.md
@@ -21,6 +21,10 @@ Released December 4, 2019
 | **Introduce features?**                                         | **yes** |
 | **Fix bugs?**                                                   | **yes** |
 
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
 ## <a name="features"></a>Features
 
 ### Core CiviCRM