From: Tim Otten <totten@civicrm.org>
Date: Wed, 4 Dec 2019 20:08:07 +0000 (-0800)
Subject: release-notes/5.20.0
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=a29069bd306069e618517bd44798e4ed4c25696a;p=civicrm-core.git

release-notes/5.20.0
---

diff --git a/release-notes.md b/release-notes.md
index 32f9aaf92c..b16765dae7 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -20,6 +20,7 @@ Other resources for identifying changes are:
 Released December 4, 2019
 
 - **[Synopsis](release-notes/5.20.0.md#synopsis)**
+- **[Security advisories](release-notes/5.20.0.md#security)**
 - **[Features](release-notes/5.20.0.md#features)**
 - **[Bugs resolved](release-notes/5.20.0.md#bugs)**
 - **[Miscellany](release-notes/5.20.0.md#misc)**
diff --git a/release-notes/5.20.0.md b/release-notes/5.20.0.md
index 53b1f7e495..d807c62451 100644
--- a/release-notes/5.20.0.md
+++ b/release-notes/5.20.0.md
@@ -21,6 +21,10 @@ Released December 4, 2019
 | **Introduce features?**                                         | **yes** |
 | **Fix bugs?**                                                   | **yes** |
 
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-24](https://civicrm.org/advisory/civi-sa-2019-24-csrf-in-apiv4-ajax-end-point): Cross-site request forgery in APIv4 AJAX endpoint**
+
 ## <a name="features"></a>Features
 
 ### Core CiviCRM