Add in release notes for 5.24.3
author Seamus Lee <seamuslee001@gmail.com>
Thu, 16 Apr 2020 01:02:23 +0000 (11:02 +1000)
committer Seamus Lee <seamuslee001@gmail.com>
Thu, 16 Apr 2020 01:07:20 +0000 (11:07 +1000)
release-notes.md
release-notes/5.24.3.md [new file with mode: 0644]

index 79515f2bddfd7d5fd9e0a7339c611268f38b17a7..3c8a95c1fbaecbdf1287d2ce28087290ce5524be 100644 (file)
@@ -15,6 +15,12 @@ Other resources for identifying changes are:
     * https://github.com/civicrm/civicrm-joomla
     * https://github.com/civicrm/civicrm-wordpress
 
+## CiviCRM 5.24.3
+
+Released April 15, 2020
+
+- **[Security advisories](release-notes/5.23.3.md#security)**
+
 ## CiviCRM 5.24.2
 
 Released April 9, 2020
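Review bot: the "Security advisories" link added under the new "## CiviCRM 5.24.3" heading points at release-notes/5.23.3.md#security, not at the release-notes/5.24.3.md file this commit creates. Readers following the index entry for 5.24.3 will land on a different release's notes (or a missing anchor) instead of the advisory list for this version. Suggest changing the target to release-notes/5.24.3.md#security so the heading and the link agree.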
diff --git a/release-notes/5.24.3.md b/release-notes/5.24.3.md
new file mode 100644 (file)
index 0000000..a7954ed
--- /dev/null
@@ -0,0 +1,40 @@
+# CiviCRM 5.24.3
+
+Released April 15, 2020
+
+- **[Security advisories](#security)**
+- **[Credits](#credits)**
+
+## <a name="synopsis"></a>Synopsis
+
+| *Does this version...?*                                         |         |
+|:--------------------------------------------------------------- |:-------:|
+| **Fix security vulnerabilities?**                               | **yes** |
+| Change the database schema?                                     |   no    |
+| Alter the API?                                                  |   no    |
+| Require attention to configuration options?                     |   no    |
+| Fix problems installing or upgrading to a previous version?     |   no    |
+| Introduce features?                                             |   no    |
+| Fix bugs?                                                       |   no    |
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2020-01](https://d8.civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
+- **[CIVI-SA-2020-02](https://d8.civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
+- **[CIVI-SA-2020-03](https://d8.civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
+- **[CIVI-SA-2020-04](https://d8.civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
+- **[CIVI-SA-2020-05](https://d8.civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
+- **[CIVI-SA-2020-06](https://d8.civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
+- **[CIVI-SA-2020-07](https://d8.civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
+- **[CIVI-SA-2020-08](https://d8.civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**
+
+## <a name="credits"></a>Credits
+
+This release was developed by the following people, who participated in
+various stages of reporting, analysis, development, review, and testing:
+
+Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies-;
+Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
+Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
+Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE; 
+Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM;
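Review bot: all eight advisory links in the "Security advisories" list use the host d8.civicrm.org; please confirm that is the permanent public location for CIVI-SA-2020-01 through CIVI-SA-2020-08, since release notes are long-lived and these links are the only pointer a site administrator gets to the details of each fix. Smaller points in the Credits paragraph: "RIPS Technologies-;" carries a stray hyphen before the semicolon, the "Patrick Figel - Greenpeace CEE;" line ends in trailing whitespace, and the list closes with a semicolon after "Tim Otten - CiviCRM" rather than ending the sentence.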