Add 4.7.26 release notes

811554c0 · totten · b1598e07 · 811554c0 · 811554c0
Commit 811554c0 authored 7 years ago by totten
--- a/release-notes.md
+++ b/release-notes.md
@@ -14,6 +14,12 @@ Other resources for identifying changes are:
    * https://github.com/civicrm/civicrm-joomla
    * https://github.com/civicrm/civicrm-wordpress

+## CiviCRM 4.7.26
+
+Released November 1, 2017
+
+- **[Security](release-notes/4.7.26.md#security)**
+
 ## CiviCRM 4.7.25

 Released October 4, 2017

--- a/release-notes/4.7.26.md
+++ b/release-notes/4.7.26.md
+# CiviCRM 4.7.26
+
+Released Nov 1, 2017
+
+- **[Security advisories](#security)**
+
+## <a name="security"></a>Security advisories
+
+
+- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-xss-in-html-link-attributes)** XSS in HTML link attributes
+- **[CIVI-SA-2017-09](https://civicrm.org/advisory/civi-sa-2017-09-shell-injection-vulerabilty-in-smarty)** Shell injection vulerabilty in Smarty
+- **[CIVI-SA-2017-10](https://civicrm.org/advisory/civi-sa-2017-10-xss-scripting-in-preimum-product-name)** XSS scripting in preimum product name
+- **[CIVI-SA-2017-11](https://civicrm.org/advisory/civi-sa-2017-11-xss-in-dedupe-rules)** XSS in dedupe rules
+- **[CIVI-SA-2017-12](https://civicrm.org/advisory/civi-sa-2017-12-xss-in-tag-description)** XSS in tag description
+- **[CIVI-SA-2017-13](https://civicrm.org/advisory/civi-sa-2017-13-selectedchild-url-paramater-not-properly-validated-for-civicrm-message)** SelectedChild URL parameter not properly validated
+- **[CIVI-SA-2017-14](https://civicrm.org/advisory/civi-sa-2017-14-xss-in-search-critiera-description)** XSS in Search Critiera Description
+- **[CIVI-SA-2017-15](https://civicrm.org/advisory/civi-sa-2017-15-extension-key-not-properly-validated-when-adding-or-disabling-or)** Extension key not properly validated
+- **[CIVI-SA-2017-16](https://civicrm.org/advisory/civi-sa-2017-16-sql-injection-risk-in-civireports-listing)** SQL injection risk in CiviReports