release-notes/5.20.0

author Tim Otten <totten@civicrm.org>

Wed, 4 Dec 2019 20:08:07 +0000 (12:08 -0800)

committer Tim Otten <totten@civicrm.org>

Wed, 4 Dec 2019 20:08:36 +0000 (12:08 -0800)
author Tim Otten <totten@civicrm.org>
Wed, 4 Dec 2019 20:08:07 +0000 (12:08 -0800)
committer Tim Otten <totten@civicrm.org>
Wed, 4 Dec 2019 20:08:36 +0000 (12:08 -0800)
diff --git a/release-notes.md b/release-notes.md

index 32f9aaf92c0897f0389f4c86a3d340a9990e046b..b16765dae78947fefa75303192a0a7c17d4e7de3 100644 (file)
--- a/release-notes.md
+++ b/release-notes.md
@@ -20,6 +20,7 @@ Other resources for identifying changes are:
  Released December 4, 2019
  
  - **[Synopsis](release-notes/5.20.0.md#synopsis)**
+- **[Security advisories](release-notes/5.20.0.md#security)**
  - **[Features](release-notes/5.20.0.md#features)**
  - **[Bugs resolved](release-notes/5.20.0.md#bugs)**
  - **[Miscellany](release-notes/5.20.0.md#misc)**
diff --git a/release-notes/5.20.0.md b/release-notes/5.20.0.md

index 53b1f7e495224aaf84b8a1e61cf1bb4e0b7fee55..d807c62451c44809daece172d7585d75a56ab836 100644 (file)
--- a/release-notes/5.20.0.md
+++ b/release-notes/5.20.0.md
@@ -21,6 +21,10 @@ Released December 4, 2019
  | **Introduce features?**                                         | **yes** |
  | **Fix bugs?**                                                   | **yes** |
  
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
  ## <a name="features"></a>Features
  
  ### Core CiviCRM
author	Tim Otten <totten@civicrm.org>
	Wed, 4 Dec 2019 20:08:07 +0000 (12:08 -0800)
committer	Tim Otten <totten@civicrm.org>
	Wed, 4 Dec 2019 20:08:36 +0000 (12:08 -0800)
release-notes.md		patch \| blob \| blame \| history
release-notes/5.20.0.md		patch \| blob \| blame \| history