# CiviCRM 5.10.3 Released February 20, 2019 - **[Synopsis](#synopsis)** - **[Security advisories](#security)** - **[Bugs resolved](#bugs)** - **[Feedback](#feedback)** ## <a name="synopsis"></a>Synopsis | *Does this version...?* | | |:--------------------------------------------------------------- |:-------:| | **Fix security vulnerabilities?** | **yes** | | Change the database schema? | no | | Alter the API? | no | | Require attention to configuration options? | no | | Fix problems installing or upgrading to a previous version? | no | | Introduce features? | no | | **Fix bugs?** | **yes** | ## <a name="security"></a>Security advisories - **[CIVI-SA-2019-01](https://civicrm.org/advisory/civi-sa-2019-01-weak-access-control-for-file-attachments)**: Weak access-control for file attachments - **[CIVI-SA-2019-02](https://civicrm.org/advisory/civi-sa-2019-02-sqli-in-prevnext-cache)**: SQL Injection in "PrevNext" Cache - **[CIVI-SA-2019-03](https://civicrm.org/advisory/civi-sa-2019-03-xss-in-logging-details-report)**: Cross-Site Scripting in "Logging Details" Report - **[CIVI-SA-2019-04](https://civicrm.org/advisory/civi-sa-2019-04-sqli-in-group-tag-filters)**: SQL Injection in Group and Tag Filters - **[CIVI-SA-2019-05](https://civicrm.org/advisory/civi-sa-2019-05-xss-in-new-pledge-form)**: Cross-Site Scripting in "New Pledge" Form - **[CIVI-SA-2019-06](https://civicrm.org/advisory/civi-sa-2019-06-xss-in-contact-entity-reference-fields)**: Cross-Site Scripting in Contact Reference Fields - **[CIVI-SA-2019-07](https://civicrm.org/advisory/civi-sa-2019-07-limit-cross-domain-execution-by-jquery)**: Limit Cross-Domain Execution by jQuery ## <a name="bugs"></a>Bugs resolved ### Core CiviCRM - **[dev/core#695](https://lab.civicrm.org/dev/core/issues/695) Custom Search results selection failure and [dev/core#679](https://lab.civicrm.org/dev/core/issues/679) Groups and Tags affect search results when using Search Builder ([13533](https://github.com/civicrm/civicrm-core/pull/13533))** This resolves some search regressions introduced in 5.9.0 relating to caching and custom searches. - **[dev/core#737](https://lab.civicrm.org/dev/core/issues/737) Mass SMS not sent when send time is set to immediately ([13641](https://github.com/civicrm/civicrm-core/pull/13641))** This resolves an issue where if you selected to send a Bulk SMS immediately it would not be sent because the scheduled date was set to NULL rather than the current date and time. ## <a name="feedback"></a>Feedback Security release notes are edited by Seamus Lee and Tim Otten, and release notes generally are edited by Andrew Hunt. If you'd like to provide feedback on them, please login to https://chat.civicrm.org/civicrm and contact `@agh1`.