- **[Credits](release-notes/5.20.0.md#credits)**
- **[Feedback](release-notes/5.20.0.md#feedback)**
+## CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](release-notes/5.19.2.md#security)**
+
## CiviCRM 5.19.1
Released November 8, 2019
--- /dev/null
+# CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](#security)**
+- **[Features](#features)**
+- **[Bugs resolved](#bugs)**
+- **[Miscellany](#misc)**
+- **[Credits](#credits)**
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind)**: SQLI in dedupefind
+- **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key)**: Privilege Escalation via Leaked Key
+- **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-remote-code-execution-via-saved-search-and-report-instance-apis)**: RCE in Saved Search and Report Instance APIs
+- **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles)**: XSS in Dashboard Titles
+- **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4)**: Incorrect storage encoding for APIv4
+- **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-case-subject-when-edited-in-line-using-civicase-extension)**: XSS in case subject when edited in line using the CiviCase Extension.