From 08eb0a2baf70b33a114464d8fc1553e16ee567c4 Mon Sep 17 00:00:00 2001 From: Seamus Lee Date: Thu, 16 Apr 2020 11:02:23 +1000 Subject: [PATCH] Add in release notes for 5.24.3 --- release-notes.md | 6 ++++++ release-notes/5.24.3.md | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 release-notes/5.24.3.md diff --git a/release-notes.md b/release-notes.md index 79515f2bdd..3c8a95c1fb 100644 --- a/release-notes.md +++ b/release-notes.md @@ -15,6 +15,12 @@ Other resources for identifying changes are: * https://github.com/civicrm/civicrm-joomla * https://github.com/civicrm/civicrm-wordpress +## CiviCRM 5.24.3 + +Released April 15, 2020 + +- **[Security advisories](release-notes/5.23.3.md#security)** + ## CiviCRM 5.24.2 Released April 9, 2020 diff --git a/release-notes/5.24.3.md b/release-notes/5.24.3.md new file mode 100644 index 0000000000..a7954ed980 --- /dev/null +++ b/release-notes/5.24.3.md 
@@ -0,0 +1,40 @@ +# CiviCRM 5.24.3 + +Released April 15, 2020 + +- **[Security advisories](#security)** +- **[Credits](#credits)** + +## Synopsis + +| *Does this version...?* | | +|:--------------------------------------------------------------- |:-------:| +| **Fix security vulnerabilities?** | **yes** | +| Change the database schema? | no | +| Alter the API? | no | +| Require attention to configuration options? | no | +| Fix problems installing or upgrading to a previous version? | no | +| Introduce features? | no | +| Fix bugs? | no | + +## Security advisories + +- **[CIVI-SA-2020-01](https://d8.civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API** +- **[CIVI-SA-2020-02](https://d8.civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure** +- **[CIVI-SA-2020-03](https://d8.civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization** +- **[CIVI-SA-2020-04](https://d8.civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports** +- **[CIVI-SA-2020-05](https://d8.civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity** +- **[CIVI-SA-2020-06](https://d8.civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder** +- **[CIVI-SA-2020-07](https://d8.civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs** +- **[CIVI-SA-2020-08](https://d8.civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries** + +## Credits + +This release was developed by the following people, who participated in +various stages of reporting, analysis, development, review, and testing: + +Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies-; +Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot; +Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs; +Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE; +Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM; -- 2.25.1
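Review bot: the new 5.24.3 entry in release-notes.md links to `release-notes/5.23.3.md#security`, but the file this patch creates is `release-notes/5.24.3.md`, so the "Security advisories" link for this release points at a different version's notes. Change the target to `release-notes/5.24.3.md#security`. This is the index readers follow to find the advisories fixed in a security-only release, so it is worth getting right before it is merged.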
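Review bot: in release-notes/5.24.3.md the contents link `[Security advisories](#security)` has no matching target, because the heading is plain `## Security advisories`, which renderers that auto-generate heading anchors expose as `#security-advisories` rather than `#security`. Either give the heading an explicit `security` anchor or change the fragment, and keep it consistent with the fragment used in the release-notes.md entry. In the Credits block, `RIPS Technologies-;` has a stray trailing hyphen and the list ends with a dangling `;` after `Tim Otten - CiviCRM`. Please also confirm that the `d8.civicrm.org/advisory/...` host is the intended public location for the advisory links.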