There has been a security release for CiviCRM. We recommend you immediately upgrade to one of the following versions:

CiviCRM v5.20.0
CiviCRM v5.19.4
CiviCRM v5.13.7 ESR

Below are the security advisories details:

CIVI-SA-2019-24: Cross-site request forgery in APIv4 AJAX

A couple of other issues have been fixed in these releases, as described in the official announcement.

Upgrade now for the most stable CiviCRM experience:

To download CiviCRM 5.20.0: https://civicrm.org/download
To download CiviCRM 5.19.4: https://sourceforge.net/projects/civicrm/files/civicrm-stable/
To download CiviCRM 5.13.8 ESR version: https://civicrm.org/esr

Note: If you use CiviCRM v5.13.7 ESR with the APIv4 extension ("org.civicrm.api4"), you should double-check that your system is running version 4.4.4. In v5.19+, no extra check is necessary.

CiviCRM security announcements are available from https://civicrm.org/advisory and via the CiviCRM Security Notifications email list.

Click this link to unsubscribe from this mailing list.

Click this link to opt out of all mail from CiviCRM.org.

Our mailing address is:

2367 24th Ave
San Francisco, California 94116
United States