Commit 08eb0a2b authored by Seamus Lee's avatar Seamus Lee

Add in release notes for 5.24.3

parent bc4b5233
...@@ -15,6 +15,12 @@ Other resources for identifying changes are: ...@@ -15,6 +15,12 @@ Other resources for identifying changes are:
* https://github.com/civicrm/civicrm-joomla * https://github.com/civicrm/civicrm-joomla
* https://github.com/civicrm/civicrm-wordpress * https://github.com/civicrm/civicrm-wordpress
## CiviCRM 5.24.3
Released April 15, 2020
- **[Security advisories](release-notes/5.23.3.md#security)**
## CiviCRM 5.24.2 ## CiviCRM 5.24.2
Released April 9, 2020 Released April 9, 2020
......
# CiviCRM 5.24.3
Released April 15, 2020
- **[Security advisories](#security)**
- **[Credits](#credits)**
## <a name="synopsis"></a>Synopsis
| *Does this version...?* | |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?** | **yes** |
| Change the database schema? | no |
| Alter the API? | no |
| Require attention to configuration options? | no |
| Fix problems installing or upgrading to a previous version? | no |
| Introduce features? | no |
| Fix bugs? | no |
## <a name="security"></a>Security advisories
- **[CIVI-SA-2020-01](https://d8.civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://d8.civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://d8.civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://d8.civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://d8.civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://d8.civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://d8.civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://d8.civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**
## <a name="credits"></a>Credits
This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:
Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies-;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment