X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=release-notes%2F4.7.21.md;h=1bc792e478768114dae534d6a46de293bb291978;hb=ff542b1eea0360e240ea25eff59cf01684637b00;hp=6ae72b6a54c483d3260a833782ec08c18cd6a143;hpb=18c494a39d5c58db2fae59195b11e2fbc6640056;p=civicrm-core.git
diff --git a/release-notes/4.7.21.md b/release-notes/4.7.21.md
index 6ae72b6a54..1bc792e478 100644
--- a/release-notes/4.7.21.md
+++ b/release-notes/4.7.21.md
@@ -2,11 +2,24 @@
Released July 5, 2017
+- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
- **[Credits](#credits)**
+## Security advisories
+
+- **[CIVI-SA-2017-01](https://civicrm.org/advisory/civi-sa-2017-01-pingback-url-not-encrypted)** Pingback URL not encrypted
+- **[CIVI-SA-2017-02](https://civicrm.org/advisory/civi-sa-2017-02-privilage-escalation-via-leaked-key)** Privilage escalation via leaked key
+- **[CIVI-SA-2017-03](https://civicrm.org/advisory/civi-sa-2017-03-cross-site-scritping-in-the-recently-viewed-block)** Cross-site scripting in "Recently Viewed" block
+- **[CIVI-SA-2017-04](https://civicrm.org/advisory/civi-sa-2017-04-incorrect-escaping-for-on-behalf-of-block)** Incorrect escaping for "On Behalf Of" block
+- **[CIVI-SA-2017-05](https://civicrm.org/advisory/civi-sa-2017-05-incorrect-escaping-for-search-results-column)** Incorrect escaping for "Search Results" column
+- **[CIVI-SA-2017-06](https://civicrm.org/advisory/civi-sa-2017-06-incorrect-escaping-in-drupal-views-integration)** Incorrect escaping in Drupal Views integration
+- **[CIVI-SA-2017-07](https://civicrm.org/advisory/civi-sa-2017-07-insuffient-permission-check-in-mailing-report)** Insuffient permission-check in mailing report
+- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-upgrade-multiple-js-libraries)** Upgrade multiple JS libraries
+
+
## Features
### Core CiviCRM
@@ -417,7 +430,8 @@ Released July 5, 2017
- **[CRM-20561](https://issues.civicrm.org/jira/browse/CRM-20561) Load
Net_SMTP, Auth_SASL, Net_Socket via Composer
([10384](https://github.com/civicrm/civicrm-core/pull/10384),
- [4](https://github.com/civicrm/civicrm-core/pull/4),
+ [3](https://github.com/seamuslee001/civicrm-core/pull/3),
+ [4](https://github.com/seamuslee001/civicrm-core/pull/4),
[10385](https://github.com/civicrm/civicrm-core/pull/10385),
[185](https://github.com/civicrm/civicrm-packages/pull/185), and
[186](https://github.com/civicrm/civicrm-packages/pull/186))**
@@ -435,12 +449,6 @@ Released July 5, 2017
- **(NFC) Attribution Chirojeugd Vlaanderen
([10519](https://github.com/civicrm/civicrm-core/pull/10519))**
-- **[CRM-8597](https://issues.civicrm.org/jira/browse/CRM-8597) PHP strict
- warning: Only variables should be assigned by reference.
- ([3](https://github.com/civicrm/civicrm-core/pull/3))**
-
- Instances of `$SVNROOT` are now replaced by `$CIVISOURCEDIR`.
-
- **[CRM-20620](https://issues.civicrm.org/jira/browse/CRM-20620) Use batch api
to retrieve all the batches
([10397](https://github.com/civicrm/civicrm-core/pull/10397))**