Add in release notes for 5.24.3

08eb0a2b · Seamus Lee · bc4b5233 · 08eb0a2b · 08eb0a2b
Commit 08eb0a2b authored Apr 16, 2020 by Seamus Lee
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 0 deletions

release-notes.md release-notes.md +6 -0

release-notes/5.24.3.md release-notes/5.24.3.md +40 -0

No files found.
--- a/release-notes.md
+++ b/release-notes.md
@@ -15,6 +15,12 @@ Other resources for identifying changes are:
    * https://github.com/civicrm/civicrm-joomla
    * https://github.com/civicrm/civicrm-wordpress

+## CiviCRM 5.24.3
+
+Released April 15, 2020
+
+- **[Security advisories](release-notes/5.23.3.md#security)**
+
 ## CiviCRM 5.24.2

 Released April 9, 2020

--- a/release-notes/5.24.3.md
+++ b/release-notes/5.24.3.md
+# CiviCRM 5.24.3
+
+Released April 15, 2020
+
+- **[Security advisories](#security)**
+- **[Credits](#credits)**
+
+## <a name="synopsis"></a>Synopsis
+
+| *Does this version...?*                                         |         |
+|:--------------------------------------------------------------- |:-------:|
+| **Fix security vulnerabilities?**                               | **yes** |
+| Change the database schema?                                     |   no    |
+| Alter the API?                                                  |   no    |
+| Require attention to configuration options?                     |   no    |
+| Fix problems installing or upgrading to a previous version?     |   no    |
+| Introduce features?                                             |   no    |
+| Fix bugs?                                                       |   no    |
+
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2020-01](https://d8.civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
+- **[CIVI-SA-2020-02](https://d8.civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
+- **[CIVI-SA-2020-03](https://d8.civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
+- **[CIVI-SA-2020-04](https://d8.civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
+- **[CIVI-SA-2020-05](https://d8.civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
+- **[CIVI-SA-2020-06](https://d8.civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
+- **[CIVI-SA-2020-07](https://d8.civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
+- **[CIVI-SA-2020-08](https://d8.civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**
+
+## <a name="credits"></a>Credits
+
+This release was developed by the following people, who participated in
+various stages of reporting, analysis, development, review, and testing:
+
+Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies-;
+Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
+Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
+Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE; 
+Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM;