From 6dc730fad8a14bdba677c9b1d963e754b8788e83 Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Wed, 19 Aug 2020 17:40:15 -0700 Subject: [PATCH] Copy-edits for 5.28.1.md --- release-notes/5.28.1.md | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/release-notes/5.28.1.md b/release-notes/5.28.1.md index 0da4c87560..5c85559bbf 100644 --- a/release-notes/5.28.1.md +++ b/release-notes/5.28.1.md @@ -16,11 +16,11 @@ Released August 19, 2020 | Require attention to configuration options? | no | | Fix problems installing or upgrading to a previous version? | no | | Introduce features? | no | -| Fix bugs? | **yes** | +| **Fix bugs?** | **yes** | ## Security advisories -- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-smart-groups): Privillege Escallation via Smart Groups** +- **[CIVI-SA-2020-09](https://civicrm.org/advisory/civi-sa-2020-09-privilege-escalation-acl-smart-groups): Privilege Escalation via Smart Groups** - **[CIVI-SA-2020-10](https://civicrm.org/advisory/civi-sa-2020-10-cross-site-scripting-activity-details): Cross Site Scripting in Activity Details** - **[CIVI-SA-2020-11](https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form): CSRF on CKEditor Configuration** - **[CIVI-SA-2020-12](https://civicrm.org/advisory/civi-sa-2020-12-xss-ckeditor-configuration): XSS in CKEditor Configuration** 
@@ -28,33 +28,31 @@ Released August 19, 2020 - **[CIVI-SA-2020-14](https://civicrm.org/advisory/civi-sa-2020-14-xss-profile-description-field): XSS in Profile Description** - **[CIVI-SA-2020-15](https://civicrm.org/advisory/civi-sa-2020-15-persistent-xss-contact-activity-tab): Persistant XSS in Contact Activity Tab** - **[CIVI-SA-2020-16](https://civicrm.org/advisory/civi-sa-2020-16-jquery-security-update-cve-2020-11022-cve-2020-11023): jQuery CVE-202-11022, CVE-2020-11023** -- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-private-key-validation): Harden private key valiation** +- **[CIVI-SA-2020-17](https://civicrm.org/advisory/civi-sa-2020-17-harden-session-private-key): Harden Per-Session Private Key** - **[CIVI-SA-2020-18](https://civicrm.org/advisory/civi-sa-2020-18-html-injection-through-error-message): HTML Injection via Error Message** - +- **[CIVI-SA-2020-19](https://civicrm.org/advisory/civi-sa-2020-19-edit-permission-recurring-contributions): Edit Permission for Recurring Contributions** ## Bugs Resolved -* **_CiviContribute_: Price Field Values with no label display null in receipts ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936): +* **_Activities_: Exporting all activities from a "Find Activity" search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952): + [#18017](https://github.com/civicrm/civicrm-core/pull/18017))** +* **_CiviContribute_: Receipts display unlabeled price options as "null" ([dev/core#1936](https://lab.civicrm.org/dev/core/-/issues/1936): [#18124](https://github.com/civicrm/civicrm-core/pull/18124))** -* **_CiviContribute_: Credit Card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953): +* **_CiviContribute_: Credit card fields are required even when the amount is 0 ([dev/core#1953](https://lab.civicrm.org/dev/core/-/issues/1953): 
[#18144](https://github.com/civicrm/civicrm-core/pull/18144), [#16163](https://github.com/civicrm/civicrm-core/pull/16163), [#18166](https://github.com/civicrm/civicrm-core/pull/16166))** -* **_Activities_: Exporting all activities from a find activity search as an ACLed user causes DB error ([dev/core#1952](https://lab.civicrm.org/dev/core/-/issues/1952): - [#18017](https://github.com/civicrm/civicrm-core/pull/18017))** -* **_Dedupe_: Merging Contacts with contact specific settings fails ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934): +* **_Dedupe_: Merging contacts with certain "Settings" produces error ([dev/core#1934](https://lab.civicrm.org/dev/core/-/issues/1934): [#18126](https://github.com/civicrm/civicrm-core/pull/18126))** -* **_CiviContribute_: Fix issue where access was granted inappropriately to the edit recurring screen ([dev/core#1945](https://lab.civicrm.org/dev/core/-/issues/1945): - [#18180](https://github.com/civicrm/civicrm-core/pull/18180))** ## Credits This release was developed by the following people, who participated in various stages of reporting, analysis, development, review, and testing: -Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies; -Compucorp - Jamie Noviak, Shitij Gugnai; Armadillo Security - Ben Hubbard; -Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot; -Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs; -Patrick Figel - Greenpeace CEE; Dave D; Karin Gerritsen - Semper IT; -Mark Rogers; Jude Hungerford - Asylum Seekers Center; -Pradeep Nayak - Circle Interactive; -Seamus Lee - CiviCRM and JMA Consulting; Tim Otten, Coleman Watts - CiviCRM +Ben Hubbard - Armadillo Security; Coleman Watts - CiviCRM; Cure53; Dave D; +Dennis Brinkrolf - RIPS Technologies; Eileen McNaughton - Wikipedia +Foundation; Jamie Novick - Compucorp; Jens Schuppe; Jude Hungerford - Asylum +Seekers Center; Karin Gerritsen - Semper IT; Kevin Cristiano - Tadpole +Collective; 
Mark Rogers; Mozilla Open Source Support (MOSS); Patrick Figel - +Greenpeace CEE; Pradeep Nayak - Circle Interactive; Rich Lott - Artful +Robot; Seamus Lee - CiviCRM and JMA Consulting; Sean Colsen - Left Join +Labs; Shitij Gugnai - Compucorp; Tim Otten - CiviCRM -- 2.25.1
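Review bot: In the first hunk (security advisories list, CIVI-SA-2020-09 entry), the spelling fix also changes the link target from `civi-sa-2020-09-privilege-escalation-smart-groups` to `civi-sa-2020-09-privilege-escalation-acl-smart-groups`, which the "Copy-edits" subject does not mention. Please confirm the new advisory URL resolves and note the link change in the commit message, since a dead link here sends administrators away from the advisory they need when deciding whether to upgrade.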
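Review bot: In the second hunk, the unchanged context lines of the advisory list still carry errors that a copy-edit pass should pick up: "Persistant XSS in Contact Activity Tab" (CIVI-SA-2020-15) should read "Persistent", and "jQuery CVE-202-11022" (CIVI-SA-2020-16) is missing a digit where its own link slug says `cve-2020-11022`. In the Bugs Resolved list, the label `[#18166]` links to `pull/16166`, so label and target disagree and one of them is wrong. The hunk also swaps the dev/core#1945 bug entry for a new CIVI-SA-2020-19 advisory line and changes the CIVI-SA-2020-17 title and slug; both advisory URLs should be checked to resolve before this is merged.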