From e8248b57c80e34ca1fe0aba2d3e9fc55057ed694 Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Mon, 18 Nov 2019 16:34:14 +1100
Subject: [PATCH] Release notes for 5.19.2 Release

---
 release-notes.md        |  6 ++++++
 release-notes/5.19.2.md | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 release-notes/5.19.2.md

diff --git a/release-notes.md b/release-notes.md
index 811dddb445..5012540d92 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -15,6 +15,12 @@ Other resources for identifying changes are:
     * https://github.com/civicrm/civicrm-joomla
     * https://github.com/civicrm/civicrm-wordpress
 
+## CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](release-notes/5.19.2.md#security)**
+
 ## CiviCRM 5.19.1
 
 Released November 8, 2019
diff --git a/release-notes/5.19.2.md b/release-notes/5.19.2.md
new file mode 100644
index 0000000000..d92727aaba
--- /dev/null
+++ b/release-notes/5.19.2.md
@@ -0,0 +1,18 @@
+# CiviCRM 5.19.2
+
+Released November 20, 2019
+
+- **[Security advisories](#security)**
+- **[Features](#features)**
+- **[Bugs resolved](#bugs)**
+- **[Miscellany](#misc)**
+- **[Credits](#credits)**
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2019-19](https://civicrm.org/advisory/civi-sa-2019-19-sqli-in-dedupefind)**: SQLI in dedupefind
+- **[CIVI-SA-2019-20](https://civicrm.org/advisory/civi-sa-2019-20-privilege-escalation-via-leaked-key)**: Privilege Escalation via Leaked Key
+- **[CIVI-SA-2019-21](https://civicrm.org/advisory/civi-sa-2019-21-remote-code-execution-via-saved-search-and-report-instance-apis)**: RCE in Saved Search and Report Instance APIs
+- **[CIVI-SA-2019-22](https://civicrm.org/advisory/civi-sa-2019-22-xss-in-dashboard-titles)**: XSS in Dashboard Titles
+- **[CIVI-SA-2019-23](https://civicrm.org/advisory/civi-sa-2019-23-incorrect-storage-encoding-for-apiv4)**: Incorrect storage encoding for APIv4
+- **[CIVIEXT-SA-2019-02](https://civicrm.org/advisory/civiext-sa-2019-02-xss-in-case-subject-when-edited-in-line-using-civicase-extension)**: XSS in case subject when edited in line using the CiviCase Extension.
-- 
2.25.1