| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
-| Fix bugs? | **yes** |
+| **Fix bugs?** | **yes** |
## <a name="security"></a>Security advisories
-- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-smart-groups): Privillege Escallation via Smart Groups**
+- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-acl-smart-groups): Privilege Escalation via Smart Groups**
- **[CIVI-SA-2020-10](https://civicrm.org/advisory/civi-sa-2020-10-cross-site-scripting-activity-details): Cross Site Scripting in Activity Details**
- **[CIVI-SA-2020-11](https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form): CSRF on CKEditor Configuration**
- **[CIVI-SA-2020-12](https://civicrm.org/advisory/civi-sa-2020-12-xss-ckeditor-configuration): XSS in CKEditor Configuration**
- **[CIVI-SA-2020-14](https://civicrm.org/advisory/civi-sa-2020-14-xss-profile-description-field): XSS in Profile Description**
- **[CIVI-SA-2020-15](https://civicrm.org/advisory/civi-sa-2020-15-persistent-xss-contact-activity-tab): Persistant XSS in Contact Activity Tab**
- **[CIVI-SA-2020-16](https://civicrm.org/advisory/civi-sa-2020-16-jquery-security-update-cve-2020-11022-cve-2020-11023): jQuery CVE-202-11022, CVE-2020-11023**
-- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-private-key-validation): Harden private key valiation**
+- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-session-private-key): Harden Per-Session Private Key**
- **[CIVI-SA-2020-18](https://civicrm.org/advisory/civi-sa-2020-18-html-injection-through-error-message): HTML Injection via Error Message**
-
+- **[CIVI-SA-2020-19](https://civicrm.org/advisory/civi-sa-2020-19-edit-permission-recurring-contributions): Edit Permission for Recurring Contributions**
## <a name="bugs"></a>Bugs Resolved
-* **_CiviContribute_: Price Field Values with no label display null in receipts ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936):
+* **_Activities_: Exporting all activities from a "Find Activity" search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952):
+ [#18017](https://github.com/civicrm/civicrm-core/pull/18017))**
+* **_CiviContribute_: Receipts display unlabeled price options as "null" ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936):
[#18124](https://github.com/civicrm/civicrm-core/pull/18124))**
-* **_CiviContribute_: Credit Card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953):
+* **_CiviContribute_: Credit card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953):
[#18144](https://github.com/civicrm/civicrm-core/pull/18144), [#16163](https://github.com/civicrm/civicrm-core/pull/16163), [#18166](https://github.com/civicrm/civicrm-core/pull/16166))**
-* **_Activities_: Exporting all activities from a find activity search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952):
- [#18017](https://github.com/civicrm/civicrm-core/pull/18017))**
-* **_Dedupe_: Merging Contacts with contact specific settings fails ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934):
+* **_Dedupe_: Merging contacts with certain "Settings" produces error ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934):
[#18126](https://github.com/civicrm/civicrm-core/pull/18126))**
-* **_CiviContribute_: Fix issue where access was granted inappropriately to the edit recurring screen ([dev/core#1945](https://lab.civicrm.org/dev/core/-/issues/1945):
- [#18180](https://github.com/civicrm/civicrm-core/pull/18180))**
## <a name="credits"></a>Credits
This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:
-Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
-Compucorp - Jamie Noviak, Shitij Gugnai; Armadillo Security - Ben Hubbard;
-Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
-Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
-Patrick Figel - Greenpeace CEE; Dave D; Karin Gerritsen - Semper IT;
-Mark Rogers; Jude Hungerford - Asylum Seekers Center;
-Pradeep Nayak - Circle Interactive;
-Seamus Lee - CiviCRM and JMA Consulting; Tim Otten, Coleman Watts - CiviCRM
+Ben Hubbard - Armadillo Security; Coleman Watts - CiviCRM; Cure53; Dave D;
+Dennis Brinkrolf - RIPS Technologies; Eileen McNaughton - Wikipedia
+Foundation; Jamie Novick - Compucorp; Jens Schuppe; Jude Hungerford - Asylum
+Seekers Center; Karin Gerritsen - Semper IT; Kevin Cristiano - Tadpole
+Collective; Mark Rogers; Mozilla Open Source Support (MOSS); Patrick Figel -
+Greenpeace CEE; Pradeep Nayak - Circle Interactive; Rich Lott - Artful
+Robot; Seamus Lee - CiviCRM and JMA Consulting; Sean Colsen - Left Join
+Labs; Shitij Gugnai - Compucorp; Tim Otten - CiviCRM
projects / civicrm-core.git / blobdiff