Merge pull request #10611 from totten/4.7.21-rc-notes

Release notes - Multiple updates for v4.7.21

Merge pull request #10611 from totten/4.7.21-rc-notes
7a138278 · totten · GitHub · 18c494a3 · d80a0117 · 7a138278
Commit 7a138278 authored 7 years ago by totten Committed by GitHub 7 years ago
--- a/release-notes/4.7.21.md
+++ b/release-notes/4.7.21.md
@@ -2,11 +2,24 @@

 Released July 5, 2017

+- **[Security advisories](#security)**
 - **[Features](#features)**
 - **[Bugs resolved](#bugs)**
 - **[Miscellany](#misc)**
 - **[Credits](#credits)**

+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2017-01](https://civicrm.org/advisory/civi-sa-2017-01-pingback-url-not-encrypted)** Pingback URL not encrypted
+- **[CIVI-SA-2017-02](https://civicrm.org/advisory/civi-sa-2017-02-privilage-escalation-via-leaked-key)** Privilage escalation via leaked key
+- **[CIVI-SA-2017-03](https://civicrm.org/advisory/civi-sa-2017-03-cross-site-scritping-in-the-recently-viewed-block)** Cross-site scripting in "Recently Viewed" block
+- **[CIVI-SA-2017-04](https://civicrm.org/advisory/civi-sa-2017-04-incorrect-escaping-for-on-behalf-of-block)** Incorrect escaping for "On Behalf Of" block
+- **[CIVI-SA-2017-05](https://civicrm.org/advisory/civi-sa-2017-05-incorrect-escaping-for-search-results-column)** Incorrect escaping for "Search Results" column
+- **[CIVI-SA-2017-06](https://civicrm.org/advisory/civi-sa-2017-06-incorrect-escaping-in-drupal-views-integration)** Incorrect escaping in Drupal Views integration
+- **[CIVI-SA-2017-07](https://civicrm.org/advisory/civi-sa-2017-07-insuffient-permission-check-in-mailing-report)** Insuffient permission-check in mailing report
+- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-upgrade-multiple-js-libraries)** Upgrade multiple JS libraries
+
+
 ## <a name="features"></a>Features

 ### Core CiviCRM
@@ -417,7 +430,8 @@ Released July 5, 2017
 - **[CRM-20561](https://issues.civicrm.org/jira/browse/CRM-20561) Load
  Net_SMTP, Auth_SASL, Net_Socket via Composer
  ([10384](https://github.com/civicrm/civicrm-core/pull/10384),
-  [4](https://github.com/civicrm/civicrm-core/pull/4),
+  [3](https://github.com/seamuslee001/civicrm-core/pull/3),
+  [4](https://github.com/seamuslee001/civicrm-core/pull/4),
  [10385](https://github.com/civicrm/civicrm-core/pull/10385),
  [185](https://github.com/civicrm/civicrm-packages/pull/185), and
  [186](https://github.com/civicrm/civicrm-packages/pull/186))**
@@ -435,12 +449,6 @@ Released July 5, 2017
 - **(NFC) Attribution Chirojeugd Vlaanderen
  ([10519](https://github.com/civicrm/civicrm-core/pull/10519))**

- **[CRM-8597](https://issues.civicrm.org/jira/browse/CRM-8597) PHP strict
-  warning: Only variables should be assigned by reference.
-  ([3](https://github.com/civicrm/civicrm-core/pull/3))**
-
-  Instances of `$SVNROOT` are now replaced by `$CIVISOURCEDIR`.
-
 - **[CRM-20620](https://issues.civicrm.org/jira/browse/CRM-20620) Use batch api
  to retrieve all the batches
  ([10397](https://github.com/civicrm/civicrm-core/pull/10397))**