X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=release-notes%2F4.7.21.md;h=1bc792e478768114dae534d6a46de293bb291978;hb=ff542b1eea0360e240ea25eff59cf01684637b00;hp=6ae72b6a54c483d3260a833782ec08c18cd6a143;hpb=18c494a39d5c58db2fae59195b11e2fbc6640056;p=civicrm-core.git diff --git a/release-notes/4.7.21.md b/release-notes/4.7.21.md index 6ae72b6a54..1bc792e478 100644 --- a/release-notes/4.7.21.md +++ b/release-notes/4.7.21.md @@ -2,11 +2,24 @@ Released July 5, 2017 +- **[Security advisories](#security)** - **[Features](#features)** - **[Bugs resolved](#bugs)** - **[Miscellany](#misc)** - **[Credits](#credits)** +## Security advisories + +- **[CIVI-SA-2017-01](https://civicrm.org/advisory/civi-sa-2017-01-pingback-url-not-encrypted)** Pingback URL not encrypted +- **[CIVI-SA-2017-02](https://civicrm.org/advisory/civi-sa-2017-02-privilage-escalation-via-leaked-key)** Privilage escalation via leaked key +- **[CIVI-SA-2017-03](https://civicrm.org/advisory/civi-sa-2017-03-cross-site-scritping-in-the-recently-viewed-block)** Cross-site scripting in "Recently Viewed" block +- **[CIVI-SA-2017-04](https://civicrm.org/advisory/civi-sa-2017-04-incorrect-escaping-for-on-behalf-of-block)** Incorrect escaping for "On Behalf Of" block +- **[CIVI-SA-2017-05](https://civicrm.org/advisory/civi-sa-2017-05-incorrect-escaping-for-search-results-column)** Incorrect escaping for "Search Results" column +- **[CIVI-SA-2017-06](https://civicrm.org/advisory/civi-sa-2017-06-incorrect-escaping-in-drupal-views-integration)** Incorrect escaping in Drupal Views integration +- **[CIVI-SA-2017-07](https://civicrm.org/advisory/civi-sa-2017-07-insuffient-permission-check-in-mailing-report)** Insuffient permission-check in mailing report +- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-upgrade-multiple-js-libraries)** Upgrade multiple JS libraries + + ## Features ### Core CiviCRM 
@@ -417,7 +430,8 @@ Released July 5, 2017 - **[CRM-20561](https://issues.civicrm.org/jira/browse/CRM-20561) Load Net_SMTP, Auth_SASL, Net_Socket via Composer ([10384](https://github.com/civicrm/civicrm-core/pull/10384), - [4](https://github.com/civicrm/civicrm-core/pull/4), + [3](https://github.com/seamuslee001/civicrm-core/pull/3), + [4](https://github.com/seamuslee001/civicrm-core/pull/4), [10385](https://github.com/civicrm/civicrm-core/pull/10385), [185](https://github.com/civicrm/civicrm-packages/pull/185), and [186](https://github.com/civicrm/civicrm-packages/pull/186))** @@ -435,12 +449,6 @@ Released July 5, 2017 - **(NFC) Attribution Chirojeugd Vlaanderen ([10519](https://github.com/civicrm/civicrm-core/pull/10519))** -- **[CRM-8597](https://issues.civicrm.org/jira/browse/CRM-8597) PHP strict - warning: Only variables should be assigned by reference. - ([3](https://github.com/civicrm/civicrm-core/pull/3))** - - Instances of `$SVNROOT` are now replaced by `$CIVISOURCEDIR`. - - **[CRM-20620](https://issues.civicrm.org/jira/browse/CRM-20620) Use batch api to retrieve all the batches ([10397](https://github.com/civicrm/civicrm-core/pull/10397))**
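Review bot: In the first hunk (`@@ -2,11 +2,24 @@`), the link text for CIVI-SA-2017-02 and CIVI-SA-2017-07 is misspelled ("Privilage escalation", "Insuffient permission-check"). Correct the visible titles to "Privilege" and "Insufficient", and leave the URL slugs as written, since editing them would change the link targets. The new table-of-contents entry points at `#security`, but the added heading is a plain `## Security advisories` with no explicit anchor in the visible lines, so confirm that the link resolves in the rendered notes. The hunk also adds two blank lines before `## Features` where one would do.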
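Review bot: In the second hunk (`@@ -417,7 +430,8 @@`, the CRM-20561 entry), the links `[3]` and `[4]` now point at `seamuslee001/civicrm-core`, while every other reference in that entry points at a `civicrm/` repository, yet they still render as bare numbers that look like upstream PR numbers. Label them with their repository, for example `seamuslee001/civicrm-core#3`, so that someone auditing what went into the release can tell these are pull requests against a fork and not civicrm-core PRs 3 and 4.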
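Review bot: In the third hunk (`@@ -435,12 +449,6 @@`), the CRM-8597 entry is deleted along with its note that instances of `$SVNROOT` are replaced by `$CIVISOURCEDIR`, and nothing in the visible lines explains the removal. The deleted entry cited `civicrm/civicrm-core/pull/3`, and the second hunk adds a `[3]` that points at `seamuslee001/civicrm-core/pull/3`, so this reads as a correction of a misattributed PR number. If that is the reason, say so in the change description, and confirm that the `$SVNROOT` note does not describe a change that actually shipped in 4.7.21.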