From d734e34eb671429e878c5560b985a754c4987f69 Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Tue, 5 Sep 2023 22:15:51 -0700 Subject: [PATCH] Update release-notes/5.65.0.md --- release-notes/5.65.0.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/release-notes/5.65.0.md b/release-notes/5.65.0.md index 1c367b59e1..f6dabf3473 100644 --- a/release-notes/5.65.0.md +++ b/release-notes/5.65.0.md @@ -3,6 +3,7 @@ Released September 6, 2023 - **[Synopsis](#synopsis)** +- **[Security advisories](#security)** - **[Features](#features)** - **[Bugs resolved](#bugs)** - **[Miscellany](#misc)** @@ -20,6 +21,19 @@ Released September 6, 2023 | **Fix problems installing or upgrading to a previous version?** | **yes** | | **Introduce features?** | **yes** | | **Fix bugs?** | **yes** | +| **Fix security vulnerabilities?** | **yes** | + +## Security advisories + +* **[CIVI-SA-2023-07](https://civicrm.org/advisory/civi-sa-2023-07-smarty-math-rce): Smarty Math RCE** +* **[CIVI-SA-2023-08](https://civicrm.org/advisory/civi-sa-2023-08-kcfinder-xss): KCFinder XSS** +* **[CIVI-SA-2023-09](https://civicrm.org/advisory/civi-sa-2023-09-getfields-sqli): GetFields SQLI** +* **[CIVI-SA-2023-10](https://civicrm.org/advisory/civi-sa-2023-10-multiple-potential-sqli): Multiple Potential SQLI** +* **[CIVI-SA-2023-11](https://civicrm.org/advisory/civi-sa-2023-11-select2-xss): Select2 XSS** +* **[CIVI-SA-2023-12](https://civicrm.org/advisory/civi-sa-2023-12-jquery-validation-dos): jQuery Validation DoS** +* **[CIVI-SA-2023-13](https://civicrm.org/advisory/civi-sa-2023-13-survey-xss): Survey XSS** +* **[CIVI-SA-2023-14](https://civicrm.org/advisory/civi-sa-2023-14-contact-image-csrf): Contact Image CSRF** +* **[CIVI-SA-2023-15](https://civicrm.org/advisory/civi-sa-2023-15-civievent-xss): CiviEvent XSS** ## Features 
@@ -795,11 +809,12 @@ Most authors also reviewed code for this release; in addition, the following reviewers contributed their comments: Agileware - Justin Freeman; Australian Greens - John Twyman; Bob Silvern; -Circle Interactive - Pradeep Nayak; Humanists UK - Andrew West; JMA Consulting - -Joe Murray, Monish Deb; Korlon - Stuart Gaston; Megaphone Technology -Consulting - Brienne Kordis; Richard Baugh; Richard van Oosterhout; Semper IT - -Karin Gerritsen; Tadpole Collective - Kevin Cristiano; Third Sector Design - -William Mortada; xavi-xaloc +BrightMinded Ltd - Bradley Taylor; Circle Interactive - Pradeep Nayak; +Humanists UK - Andrew West; JMA Consulting - Joe Murray, Monish Deb; Korlon - +Stuart Gaston; Megaphone Technology Consulting - Brienne Kordis; Ranjit Pahan; +Richard Baugh; Richard van Oosterhout; Semper IT - Karin Gerritsen; RIPS +Technologies - Dennis Brinkrolf; Tadpole Collective - Kevin Cristiano; Third +Sector Design - William Mortada; Uepal - Jean-Marie Heitz; xavi-xaloc ## Feedback -- 2.25.1
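Review bot: In the first hunk (`@@ -3,6 +3,7 @@`), the new table-of-contents entry links to `#security`, but the heading added in the following hunk reads `## Security advisories` and shows no explicit anchor. A slug generated from that heading would be `security-advisories`, so the link will not resolve unless the heading carries a `security` anchor. Either give the heading that anchor in whatever form the existing sections use for `#features`, `#bugs` and `#misc`, or change the link target to match the heading.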
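Review bot: In the second hunk (`@@ -20,6 +21,19 @@`), the advisory list under `## Security advisories` uses `*` bullets while the table of contents in the same file uses `-`; pick one bullet style so the file stays consistent. Separately, the commit subject `Update release-notes/5.65.0.md` does not say that this change is what adds nine security advisories (CIVI-SA-2023-07 through CIVI-SA-2023-15) and flips the synopsis row to `Fix security vulnerabilities? yes`; a subject that says so would make the commit easier to find in history.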
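Review bot: In the third hunk (`@@ -795,11 +809,12 @@`), `RIPS Technologies - Dennis Brinkrolf` is inserted after `Semper IT - Karin Gerritsen`, which breaks the alphabetical order the rest of the reviewer list follows. Move it to sit between `Richard van Oosterhout` and `Semper IT - Karin Gerritsen`. The other additions (`BrightMinded Ltd`, `Ranjit Pahan`, `Uepal`) are already in order.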