diff --git a/release-notes.md b/release-notes.md index 9df6b2d06f3b..d1edf7f68946 100644 --- a/release-notes.md +++ b/release-notes.md @@ -14,6 +14,12 @@ Other resources for identifying changes are: * https://github.com/civicrm/civicrm-joomla * https://github.com/civicrm/civicrm-wordpress +## CiviCRM 4.7.26 + +Released November 1, 2017 + +- **[Security](release-notes/4.7.26.md#security)** + ## CiviCRM 4.7.25 Released October 4, 2017 diff --git a/release-notes/4.7.26.md b/release-notes/4.7.26.md new file mode 100644 index 000000000000..268e70798832 --- /dev/null +++ b/release-notes/4.7.26.md 
@@ -0,0 +1,18 @@ +# CiviCRM 4.7.26 + +Released Nov 1, 2017 + +- **[Security advisories](#security)** + +## Security advisories + + +- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-xss-in-html-link-attributes)** XSS in HTML link attributes +- **[CIVI-SA-2017-09](https://civicrm.org/advisory/civi-sa-2017-09-shell-injection-vulerabilty-in-smarty)** Shell injection vulerabilty in Smarty +- **[CIVI-SA-2017-10](https://civicrm.org/advisory/civi-sa-2017-10-xss-scripting-in-preimum-product-name)** XSS scripting in preimum product name +- **[CIVI-SA-2017-11](https://civicrm.org/advisory/civi-sa-2017-11-xss-in-dedupe-rules)** XSS in dedupe rules +- **[CIVI-SA-2017-12](https://civicrm.org/advisory/civi-sa-2017-12-xss-in-tag-description)** XSS in tag description +- **[CIVI-SA-2017-13](https://civicrm.org/advisory/civi-sa-2017-13-selectedchild-url-paramater-not-properly-validated-for-civicrm-message)** SelectedChild URL parameter not properly validated +- **[CIVI-SA-2017-14](https://civicrm.org/advisory/civi-sa-2017-14-xss-in-search-critiera-description)** XSS in Search Critiera Description +- **[CIVI-SA-2017-15](https://civicrm.org/advisory/civi-sa-2017-15-extension-key-not-properly-validated-when-adding-or-disabling-or)** Extension key not properly validated +- **[CIVI-SA-2017-16](https://civicrm.org/advisory/civi-sa-2017-16-sql-injection-risk-in-civireports-listing)** SQL injection risk in CiviReports
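Review bot: In the `release-notes.md` hunk, the new index entry links to `release-notes/4.7.26.md#security`, but the only heading the new file defines is `## Security advisories`, and no explicit `security` anchor is visible in the added lines. On renderers that derive anchors from the heading text, that heading becomes `#security-advisories`, so this link (and the in-page `(#security)` link in the new file) would open the page without jumping to the section. Either point both links at `#security-advisories` or add an explicit anchor named `security` above the heading. The date format also differs between the two files ("Released November 1, 2017" here, "Released Nov 1, 2017" in `release-notes/4.7.26.md`); pick one, preferably the spelled-out form that the 4.7.25 entry already uses.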
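Review bot: In the `release-notes/4.7.26.md` hunk, several advisory titles carry typos in the visible link text: "Shell injection vulerabilty in Smarty" (CIVI-SA-2017-09), "XSS scripting in preimum product name" (CIVI-SA-2017-10) and "XSS in Search Critiera Description" (CIVI-SA-2017-14). Suggest "vulnerability", "premium" and "Criteria", and dropping the redundant "scripting" after "XSS". Correct only the display text: the same misspellings appear in the advisory URL slugs, and those must keep matching the published advisory paths, as the CIVI-SA-2017-13 line already does ("parameter" in the title, `paramater` in the slug). There are also two consecutive blank lines after `## Security advisories`; one is enough.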