From: Seamus Lee Date: Wed, 19 Aug 2020 07:41:16 +0000 (+1000) Subject: Add in release notes for 5.28.1 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=6ff8c50303e6d628b9c7cbf811e896d58415bba0;p=civicrm-core.git Add in release notes for 5.28.1 --- diff --git a/release-notes.md b/release-notes.md index a7c7f0ef35..d4ea4c09ab 100644 --- a/release-notes.md +++ b/release-notes.md @@ -15,6 +15,16 @@ Other resources for identifying changes are: * https://github.com/civicrm/civicrm-joomla * https://github.com/civicrm/civicrm-wordpress +## CiviCRM 5.28.1 + +Released August 19, 2020 + +- **[Synopsis](release-notes/5.28.1.md#synopsis)** +- **[Security advisories](release-notes/5.28.1.md#security)** +- **[Bugs resolved](release-notes/5.28.1.md#bugs)** +- **[Credits](release-notes/5.28.1.md#credits)** +- **[Feedback](release-notes/5.28.1.md#feedback)** + ## CiviCRM 5.28.0 Released August 5, 2020 diff --git a/release-notes/5.28.1.md b/release-notes/5.28.1.md new file mode 100644 index 0000000000..0da4c87560 --- /dev/null +++ b/release-notes/5.28.1.md 
@@ -0,0 +1,60 @@ +# CiviCRM 5.28.1 + +Released August 19, 2020 + +- **[Security advisories](#security)** +- **[Bugs Resolved](#bugs)** +- **[Credits](#credits)** + +## Synopsis + +| *Does this version...?* | | +|:--------------------------------------------------------------- |:-------:| +| **Fix security vulnerabilities?** | **yes** | +| Change the database schema? | no | +| Alter the API? | no | +| Require attention to configuration options? | no | +| Fix problems installing or upgrading to a previous version? | no | +| Introduce features? | no | +| Fix bugs? | **yes** | + +## Security advisories + +- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-smart-groups): Privillege Escallation via Smart Groups** +- **[CIVI-SA-2020-10](https://civicrm.org/advisory/civi-sa-2020-10-cross-site-scripting-activity-details): Cross Site Scripting in Activity Details** +- **[CIVI-SA-2020-11](https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form): CSRF on CKEditor Configuration** +- **[CIVI-SA-2020-12](https://civicrm.org/advisory/civi-sa-2020-12-xss-ckeditor-configuration): XSS in CKEditor Configuration** +- **[CIVI-SA-2020-13](https://civicrm.org/advisory/civi-sa-2020-13-xss-event-summary): XSS in Event Summary** +- **[CIVI-SA-2020-14](https://civicrm.org/advisory/civi-sa-2020-14-xss-profile-description-field): XSS in Profile Description** +- **[CIVI-SA-2020-15](https://civicrm.org/advisory/civi-sa-2020-15-persistent-xss-contact-activity-tab): Persistant XSS in Contact Activity Tab** +- **[CIVI-SA-2020-16](https://civicrm.org/advisory/civi-sa-2020-16-jquery-security-update-cve-2020-11022-cve-2020-11023): jQuery CVE-202-11022, CVE-2020-11023** +- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-private-key-validation): Harden private key valiation** +- **[CIVI-SA-2020-18](https://civicrm.org/advisory/civi-sa-2020-18-html-injection-through-error-message): HTML Injection via Error Message** + + +## 
Bugs Resolved + +* **_CiviContribute_: Price Field Values with no label display null in receipts ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936): + [#18124](https://github.com/civicrm/civicrm-core/pull/18124))** +* **_CiviContribute_: Credit Card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953): + [#18144](https://github.com/civicrm/civicrm-core/pull/18144), [#16163](https://github.com/civicrm/civicrm-core/pull/16163), [#18166](https://github.com/civicrm/civicrm-core/pull/16166))** +* **_Activities_: Exporting all activities from a find activity search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952): + [#18017](https://github.com/civicrm/civicrm-core/pull/18017))** +* **_Dedupe_: Merging Contacts with contact specific settings fails ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934): + [#18126](https://github.com/civicrm/civicrm-core/pull/18126))** +* **_CiviContribute_: Fix issue where access was granted inappropriately to the edit recurring screen ([dev/core#1945](https://lab.civicrm.org/dev/core/-/issues/1945): + [#18180](https://github.com/civicrm/civicrm-core/pull/18180))** + +## Credits + +This release was developed by the following people, who participated in +various stages of reporting, analysis, development, review, and testing: + +Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies; +Compucorp - Jamie Noviak, Shitij Gugnai; Armadillo Security - Ben Hubbard; +Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot; +Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs; +Patrick Figel - Greenpeace CEE; Dave D; Karin Gerritsen - Semper IT; +Mark Rogers; Jude Hungerford - Asylum Seekers Center; +Pradeep Nayak - Circle Interactive; +Seamus Lee - CiviCRM and JMA Consulting; Tim Otten, Coleman Watts - CiviCRM
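Review bot: In the release-notes.md hunk, the new 5.28.1 index entry links to `release-notes/5.28.1.md#feedback`, but the file added by this patch has no Feedback section (its headings are Synopsis, Security advisories, Bugs Resolved and Credits), so that link goes nowhere. Either drop the Feedback bullet or add the section. The `#security` and `#bugs` fragments also have no explicit anchor in the new file: the headings are plain `## Security advisories` and `## Bugs Resolved`, which GitHub-style renderers turn into the ids `security-advisories` and `bugs-resolved`. Add named anchors to those headings or change the fragments so the index links, and the new file's own contents list, resolve.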
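Review bot: In the release-notes/5.28.1.md hunk, the CIVI-SA-2020-16 entry writes the first jQuery identifier as `CVE-202-11022`, while the advisory URL on the same line has `cve-2020-11022`; the text should read `CVE-2020-11022`, otherwise anyone searching or cross-referencing by CVE id will miss this release. The advisory titles in the same list are misspelled ("Privillege Escallation", "Persistant XSS", "private key valiation") and are worth correcting before they are copied into downstream changelogs. In Bugs Resolved, the link labelled `#18166` points to `pull/16166`, so the label and URL need to agree, and `#16163` in the same item is worth confirming, since every other PR listed is in the 18xxx range. The contents list at the top of the file also omits Synopsis, although release-notes.md links to `#synopsis`.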