# CiviCRM 5.24.3

Released April 15, 2020

- **[Security advisories](#security)**
- **[Credits](#credits)**

## <a name="synopsis"></a>Synopsis

| *Does this version...?*                                         |         |
|:--------------------------------------------------------------- |:-------:|
| **Fix security vulnerabilities?**                               | **yes** |
| Change the database schema?                                     |   no    |
| Alter the API?                                                  |   no    |
| Require attention to configuration options?                     |   no    |
| Fix problems installing or upgrading to a previous version?     |   no    |
| Introduce features?                                             |   no    |
| Fix bugs?                                                       |   no    |

## <a name="security"></a>Security advisories

- **[CIVI-SA-2020-01](https://civicrm.org/advisory/civi-sa-2020-01): Improve Entity Name sanitisation when used as part of API**
- **[CIVI-SA-2020-02](https://civicrm.org/advisory/civi-sa-2020-02): API Key Disclosure**
- **[CIVI-SA-2020-03](https://civicrm.org/advisory/civi-sa-2020-03): PHP Code Execution via Phar Deserialization**
- **[CIVI-SA-2020-04](https://civicrm.org/advisory/civi-sa-2020-04): Cross Site Scripting within CiviCase Reports**
- **[CIVI-SA-2020-05](https://civicrm.org/advisory/civi-sa-2020-05): SQL Injection in Campaign Summary and Delete Activity**
- **[CIVI-SA-2020-06](https://civicrm.org/advisory/civi-sa-2020-06): SQLI in Query Builder**
- **[CIVI-SA-2020-07](https://civicrm.org/advisory/civi-sa-2020-07): CSRF in Scheduled Jobs**
- **[CIVI-SA-2020-08](https://civicrm.org/advisory/civi-sa-2020-08): XSS via JS libraries**

## <a name="credits"></a>Credits

This release was developed by the following people, who participated in
various stages of reporting, analysis, development, review, and testing:

Cure53; Mozilla Open Source Support (MOSS); Dennis Brinkrolf - RIPS Technologies;
Kevin Cristiano - Tadpole Collective; Rich Lott - Artful Robot;
Eileen McNaughton - Wikipedia Foundation; Sean Colsen - Left Join Labs;
Mark Burdett - Electronic Frontier Foundation; Patrick Figel - Greenpeace CEE;
Seamus Lee - CiviCRM and JMA Consulting; Tim Otten - CiviCRM