Release notes for 5.19.2 Release

diff --git a/release-notes.md b/release-notes.md
index 1852d297b3e68625c06d7f4a47f3fd4a255184bb..03dabde06d7caef30c891050a258a43e5732d669 100644 (file)
--- a/release-notes.md
+++ b/release-notes.md
@@ -26,6 +26,12 @@ Released December 4, 2019
 - **[Credits](release-notes/5.20.0.md#credits)**
 - **[Feedback](release-notes/5.20.0.md#feedback)**
 
+## CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](release-notes/5.19.2.md#security)**
+
 ## CiviCRM 5.19.1
 
 Released November 8, 2019

diff --git a/release-notes/5.19.2.md b/release-notes/5.19.2.md
new file mode 100644 (file)
index 0000000..d92727a
--- /dev/null
+++ b/release-notes/5.19.2.md
@@ -0,0 +1,18 @@
+# CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](#security)**
+- **[Features](#features)**
+- **[Bugs resolved](#bugs)**
+- **[Miscellany](#misc)**
+- **[Credits](#credits)**
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind)**: SQLI in dedupefind
+- **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key)**: Privilege Escalation via Leaked Key
+- **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-remote-code-execution-via-saved-search-and-report-instance-apis)**: RCE in Saved Search and Report Instance APIs
+- **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles)**: XSS in Dashboard Titles
+- **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4)**: Incorrect storage encoding for APIv4
+- **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-case-subject-when-edited-in-line-using-civicase-extension)**: XSS in case subject when edited in line using the CiviCase Extension.