X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=release-notes%2F5.50.0.md;h=1300f62ad2f2bf791ba76bf4d4197f81d1116388;hb=86b783d8c75410d387d2b702610d07a36fff04eb;hp=a734de61f37ea1e259c8f71c6846fd0bb01efe9e;hpb=ec59969e4f80c9d1a1fe143a40630056e85f32b0;p=civicrm-core.git diff --git a/release-notes/5.50.0.md b/release-notes/5.50.0.md index a734de61f3..1300f62ad2 100644 --- a/release-notes/5.50.0.md +++ b/release-notes/5.50.0.md @@ -3,6 +3,7 @@ Released June 1, 2022 - **[Synopsis](#synopsis)** +- **[Security advisories](#security)** - **[Features](#features)** - **[Bugs resolved](#bugs)** - **[Miscellany](#misc)** @@ -13,7 +14,7 @@ Released June 1, 2022 | *Does this version...?* | | |:--------------------------------------------------------------- |:-------:| -| Fix security vulnerabilities? | no | +| Fix security vulnerabilities? | **yes** | | **Change the database schema?** | **yes** | | **Alter the API?** | **yes** | | Require attention to configuration options? | no | @@ -21,6 +22,10 @@ Released June 1, 2022 | **Introduce features?** | **yes** | | **Fix bugs?** | **yes** | +## Security advisories + +- **[CIVI-SA-2022-07: APIv3 Access Bypass](https://civicrm.org/advisory/civi-sa-2022-07-apiv3-access-bypass)** + ## Features ### Core CiviCRM 
@@ -28,20 +33,22 @@ Released June 1, 2022 - **System Check - Add a reminder about CIVICRM_SIGN_KEYS. ([23224](https://github.com/civicrm/civicrm-core/pull/23224))** - Adds a system status check regarding CIVICRM_SIGN_KEYS. + Adds a system status check that generates a reminder about cryptographic + signing keys. - **Restrict allowed uploads - contact image ([23147](https://github.com/civicrm/civicrm-core/pull/23147))** Restrict file types allowed for the contact image field. - + - **Add tracking table for import jobs ([dev/core#1307](https://lab.civicrm.org/dev/core/-/issues/1307): [23199](https://github.com/civicrm/civicrm-core/pull/23199) and [23245](https://github.com/civicrm/civicrm-core/pull/23245))** - Adds a table for the purpose of tracking user jobs (imports) and associated - temp tables and starts tracking the submittedValues and data source with it. + This adds a new table for the purpose of tracking user jobs (e.g. imports) and + associated temp tables and starts tracking the submittedValues and data source + with it. - **CustomFields - Improve metadata about which custom groups belong to which entities ([23336](https://github.com/civicrm/civicrm-core/pull/23336))** 
@@ -49,6 +56,22 @@ Released June 1, 2022 Makes the relationship between Custom Field Groups, entity types and subtypes discoverable via APIv4 metadata. +- **Upgrader - Add support for automatic snapshots + ([23522](https://github.com/civicrm/civicrm-core/pull/23522) and + [23544](https://github.com/civicrm/civicrm-core/pull/23594))** + + This adds a utility for recording a snapshot of certain columns in a database + table prior to applying any upgrade steps to it. This will make it easier to + roll back or compare changes if necessary after the upgrade. + + The snapshot tables begin with the prefix `snap_civicrm_` and will be cleaned + up after a certain number of minor version upgrades. For now, the feature is + disabled by default, but you may enable it by adding + + define('CIVICRM_UPGRADE_SNAPSHOT', TRUE); + + to the settings file. + - **Api4 - minor fixes and updates ([23310](https://github.com/civicrm/civicrm-core/pull/23310))** @@ -141,7 +164,9 @@ Released June 1, 2022 ([dev/core#3249](https://lab.civicrm.org/dev/core/-/issues/3249): [23313](https://github.com/civicrm/civicrm-core/pull/23313))** - Makes casetype a managed entity. + This makes `CaseType` in APIv4 a managed entity. This is part of a move + towards having all cases defined in configuration and deprecating XML-defined + case types. ### CiviContribute 
@@ -180,6 +205,13 @@ Released June 1, 2022 ([dev/core#3164](https://lab.civicrm.org/dev/core/-/issues/3164): [23191](https://github.com/civicrm/civicrm-core/pull/23191))** +- **Fix 'Authorization Failed' regression when submitting eg. webform via + checksum ([23607](https://github.com/civicrm/civicrm-core/pull/23607))** + + This resolves a bug where accessing an entity through APIv3, coming in via a + checksum link, results in a failed authorization for the step of updating the + recent items stack via APIv4. + - **Manage Extensions - Hide nag for core exts ([dev/core#3171](https://lab.civicrm.org/dev/core/-/issues/3171): [23204](https://github.com/civicrm/civicrm-core/pull/23204))** @@ -210,6 +242,12 @@ Released June 1, 2022 - **SearchKit - Move grid css to its own file ([23315](https://github.com/civicrm/civicrm-core/pull/23315))** +- **SearchKit - Fix 'undefined var' error after import + ([23572](https://github.com/civicrm/civicrm-core/pull/23572))** + + Fixes an unresponsive screen after importing multiple records into SearchKit + (using the Import dialog). + - **add missing Parishes of Bermuda (civicrm_state_province) ([23339](https://github.com/civicrm/civicrm-core/pull/23339))** @@ -327,6 +365,9 @@ Released June 1, 2022 - **Apply nodefaults to contact tabs for escape-on-output ([23232](https://github.com/civicrm/civicrm-core/pull/23232))** +- **MultipleRecordFieldsListing.tpl - JS strings should us JS escaping + ([23499](https://github.com/civicrm/civicrm-core/pull/23499))** + ### CiviCampaign - **update-supporter-url 
@@ -374,6 +415,18 @@ Released June 1, 2022 Definitively load main files during bootstrap. +- **Fix empty money handling + ([23528](https://github.com/civicrm/civicrm-core/pull/23528))** + + Tokens representing money fields will now default to 0 for empty values. + +- **Calculate unit_price based on qty + ([23566](https://github.com/civicrm/civicrm-core/pull/23566))** + + This resolves a bug when a template contribution was created for a recurring + contribution: the unit_price on the line item was set to match the line_total, + ignoring qty. + ### CiviEvent - **batch geocode API does not process event addresses @@ -668,7 +721,8 @@ Released June 1, 2022 ([23169](https://github.com/civicrm/civicrm-core/pull/23169))** - **(NFC) mixin/**.php - Add @since tags - ([23423](https://github.com/civicrm/civicrm-core/pull/23423))** + ([23423](https://github.com/civicrm/civicrm-core/pull/23423) and + [23440](https://github.com/civicrm/civicrm-core/pull/23440))** - **(NFC) Skip CliRunnerTest on php80+drush+Backdrop ([23184](https://github.com/civicrm/civicrm-core/pull/23184))** @@ -710,7 +764,7 @@ Andreas Howiller; Andy Burns; Artful Robot - Rich Lott; Australian Greens - John Twyman; Betty Dolfing; Christian Wach; Circle Interactive - Dave Jenkins, Matt Trim; CiviCoop - Jaap Jansma; iXiam - Vangelis Pantazis; JMA Consulting - Edsel Lopez; John Kingsnorth; Joinery - Allen Shaw; Nicol Wistreich; Tadpole -Collective - Kevin Cristiano; +Collective - Kevin Cristiano ## Feedback
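Review bot: The table-of-contents entry added in the first hunk (@@ -3,6 +3,7 @@) links to `#security`, but the heading added in @@ -21,6 +22,10 @@ appears here as `## Security advisories` with no explicit anchor, and a slug generated from that heading text would be `security-advisories`. Confirm the heading carries a `security` anchor, matching whatever the existing `#bugs` and `#misc` entries rely on, otherwise the new link will not resolve.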
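Review bot: Inconsistent voice in the hunk at @@ -28,20 +33,22 @@: the import-jobs description is changed from "Adds a table" to "This adds a new table", while the System Check description reworded in the same hunk keeps the bare-verb form "Adds a system status check". Pick one form for both. The System Check rewording also removes `CIVICRM_SIGN_KEYS` from the description body, so the constant an admin would search for now appears only in the entry title; consider keeping it in the sentence.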
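Review bot: In the Upgrader snapshot entry (@@ -49,6 +56,22 @@), the second pull-request link has the text `23544` but points at `.../pull/23594`; one of the two numbers is wrong and they should be reconciled. The entry also says the `snap_civicrm_` tables are cleaned up "after a certain number of minor version upgrades" without giving the number. Because these tables hold copies of existing column data, stating the retention, or linking to where it is documented, would help admins deciding whether to define `CIVICRM_UPGRADE_SNAPSHOT`.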
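Review bot: In the CaseType entry (@@ -141,7 +164,9 @@), "having all cases defined in configuration" looks like it should read "all case types defined in configuration", since the same sentence contrasts it with "XML-defined case types". As written it suggests individual cases move into configuration.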
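Review bot: The title added at @@ -180,6 +205,13 @@ uses `eg.` ("when submitting eg. webform via checksum"), while the import-jobs entry in this same patch uses `e.g.`; use `e.g.` in both. The entry is labelled a regression but does not say which change or release introduced it, which readers weighing this upgrade against the new security advisory would want to know; add that if it is known.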
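Review bot: Typo in the title added at @@ -327,6 +365,9 @@: "JS strings should us JS escaping" should read "should use JS escaping", unless the entry is meant to mirror the pull-request title verbatim. This entry also has no description line, unlike the other entries added in this patch; one sentence on what was escaped incorrectly would make it consistent.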