--- /dev/null
+# CiviCRM 5.35.1
+
+Released March 17, 2021
+
+- **[Synopsis](#synopsis)**
+- **[Bugs resolved](#bugs)**
+- **[Credits](#credits)**
+- **[Feedback](#feedback)**
+
+## <a name="synopsis"></a>Synopsis
+
+| *Does this version...?* | |
+| --------------------------------------------------------------- | -------- |
+| Change the database schema? | no |
+| Alter the API? | no |
+| Require attention to configuration options? | no |
+| **Fix problems installing or upgrading to a previous version?** | **yes** |
+| Introduce features? | no |
+| **Fix bugs?** | **yes** |
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2021-01](https://civicrm.org/advisory/civi-sa-2021-01-reflected-cross-site-scripting-uploaded-csvs)**: Reflected Cross Site Scripting via Uploaded CSVs
+- **[CIVI-SA-2021-02](https://civicrm.org/advisory/civi-sa-2021-02-web-executable-utility-scripts)**: Web Executable Utility Scripts
+- **[CIVI-SA-2021-03](https://civicrm.org/advisory/civi-sa-2021-03-cross-site-scripting-manage-extensions)**: Cross Site Scripting in "Manage Extensions"
+- **[CIVI-SA-2021-04](https://civicrm.org/advisory/civi-sa-2021-04-cross-site-scripting-apiv4-explorer)**: Cross Site Scripting in the APIv4 Explorer
+- **[CIVI-SA-2021-05](https://civicrm.org/advisory/civi-sa-2021-05-reflected-cross-site-scripting-personal-campaign-pages)**: Reflected Cross Site Scripting in Personal Campaign Pages
+- **[CIVI-SA-2021-06](https://civicrm.org/advisory/civi-sa-2021-06-timing-attacks-against-site-key)**: Timing Attacks Against the Site Key
+- **[CIVI-SA-2021-07](https://civicrm.org/advisory/civi-sa-2021-07-sql-injection-joomla-user-integration)**: SQL injection in Joomla user integration
+
+## <a name="bugs"></a>Bugs resolved
+
+* **_CiviCampaign_: Fix error when reserving respondents for a survey ([#19811](https://github.com/civicrm/civicrm-core/pull/19811))**
+* **_Upgrader_: Fix handling of "group_title" in certain upgrade-paths ([dev/translation#58](https://lab.civicrm.org/dev/translation/-/issues/58): [#19740](https://github.com/civicrm/civicrm-core/pull/19740))**
+* **_D8 / Asset Builder_: Fail gracefully when certain resources cannot be generted ([dev/core#2137](https://lab.civicrm.org/dev/core/-/issues/2137): [#18830](https://github.com/civicrm/civicrm-core/pull/18830))**
+
+ A common misconfiguration on Drupal 8+ is to omit `enable-patching`. This currently manifests as an error about `crm-menubar.css`. The change does not fix the misconfiguration, but it makes the error more manageable.
+
+## <a name="credits"></a>Credits
+
+Special support from Deutsche Gesellschaft für Internationale Zusammenarbeit
+GmbH contributed significantly to this release and other contemporaneous
+security improvements.
+
+This release was developed by the following authors and reviewers:
+
+Wikimedia Foundation - Eileen McNaughton; Stephen Palmstrom; Semper IT - Karin
+Gerritsen; Progressive Technology Project - Jamie McClelland; Megaphone Technology
+Consulting - Jon Goldberg; MJW Consulting - Matthew Wire; MJCO - Mikey O'Toole; JMA
+Consulting - Seamus Lee, Monish Deb; Fuzion - Luke Stewart; Dmitry Smirnov; Dave D;
+CiviCRM - Tim Otten, Coleman Watts; Circle Interactive - Pradeep Nayak; Blackfly
+Solutions - Alan Dixon; Artful Robot - Rich Lott; AGH Strategies - Andrew Hunt
+
+## <a name="feedback"></a>Feedback
+
+These release notes are edited by Tim Otten and Andrew Hunt. If you'd like to
+provide feedback on them, please login to https://chat.civicrm.org/civicrm and
+contact `@agh1`.
projects / civicrm-core.git / commitdiff