diff --git a/API/Controllers/UploadController.cs b/API/Controllers/UploadController.cs
@@ -59,6 +59,8 @@ public async Task<ActionResult<string>> GetImageFromFile(UploadUrlDto dto)
                 if (string.IsNullOrEmpty(path) || !_directoryService.FileSystem.File.Exists(path))
                     return BadRequest($"Could not download file");
 
+                if (!await _imageService.IsImage(path)) return BadRequest("Url does not return a valid image");
+
                 return $"coverupload_{dateString}.{format}";
             }
             catch (FlurlHttpException ex)

diff --git a/API/Data/Repositories/ReadingListRepository.cs b/API/Data/Repositories/ReadingListRepository.cs
@@ -17,7 +17,7 @@ public interface IReadingListRepository
     Task<IEnumerable<ReadingListItemDto>> GetReadingListItemDtosByIdAsync(int readingListId, int userId);
     Task<ReadingListDto> GetReadingListDtoByIdAsync(int readingListId, int userId);
     Task<IEnumerable<ReadingListItemDto>> AddReadingProgressModifiers(int userId, IList<ReadingListItemDto> items);
-    Task<ReadingListDto> GetReadingListDtoByTitleAsync(string title);
+    Task<ReadingListDto> GetReadingListDtoByTitleAsync(int userId, string title);
     Task<IEnumerable<ReadingListItem>> GetReadingListItemsByIdAsync(int readingListId);
 
     Task<IEnumerable<ReadingListDto>> GetReadingListDtosForSeriesAndUserAsync(int userId, int seriesId,
@@ -211,10 +211,10 @@ public async Task<IEnumerable<ReadingListItemDto>> AddReadingProgressModifiers(i
         return items;
     }
 
-    public async Task<ReadingListDto> GetReadingListDtoByTitleAsync(string title)
+    public async Task<ReadingListDto> GetReadingListDtoByTitleAsync(int userId, string title)
     {
         return await _context.ReadingList
-            .Where(r => r.Title.Equals(title))
+            .Where(r => r.Title.Equals(title) && r.AppUserId == userId)
             .ProjectTo<ReadingListDto>(_mapper.ConfigurationProvider)
             .SingleOrDefaultAsync();
     }

diff --git a/API/Extensions/IdentityServiceExtensions.cs b/API/Extensions/IdentityServiceExtensions.cs
@@ -1,4 +1,5 @@
-using System.Text;
+using System;
+using System.Text;
 using System.Threading.Tasks;
 using API.Constants;
 using API.Data;
@@ -32,6 +33,11 @@ public static IServiceCollection AddIdentityServices(this IServiceCollection ser
                     opt.Password.RequiredLength = 6;
 
                     opt.SignIn.RequireConfirmedEmail = true;
+
+                    opt.Lockout.AllowedForNewUsers = true;
+                    opt.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(10);
+                    opt.Lockout.MaxFailedAccessAttempts = 5;
+
                 })
                 .AddTokenProvider<DataProtectorTokenProvider<AppUser>>(TokenOptions.DefaultProvider)
                 .AddRoles<AppRole>()

diff --git a/API/Services/ImageService.cs b/API/Services/ImageService.cs
@@ -27,6 +27,8 @@ public interface IImageService
     /// <param name="filePath">Full path to the image to convert</param>
     /// <returns>File of written webp image</returns>
     Task<string> ConvertToWebP(string filePath, string outputPath);
+
+    Task<bool> IsImage(string filePath);
 }
 
 public class ImageService : IImageService
@@ -115,6 +117,23 @@ public async Task<string> ConvertToWebP(string filePath, string outputPath)
         return outputFile;
     }
 
+    public async Task<bool> IsImage(string filePath)
+    {
+        try
+        {
+            var info = await SixLabors.ImageSharp.Image.IdentifyAsync(filePath);
+            if (info == null) return false;
+
+            return true;
+        }
+        catch (Exception ex)
+        {
+            /* Swallow Exception */
+        }
+
+        return false;
+    }
+
 
     /// <inheritdoc />
     public string CreateThumbnailFromBase64(string encodedImage, string fileName)

diff --git a/Kavita.Common/Kavita.Common.csproj b/Kavita.Common/Kavita.Common.csproj
@@ -4,7 +4,7 @@
         <TargetFramework>net6.0</TargetFramework>
         <Company>kavitareader.com</Company>
         <Product>Kavita</Product>
-        <AssemblyVersion>0.5.4.0</AssemblyVersion>
+        <AssemblyVersion>0.5.4.1</AssemblyVersion>
         <NeutralLanguage>en</NeutralLanguage>
     </PropertyGroup>
 

diff --git a/README.md b/README.md
@@ -21,12 +21,12 @@ your reading collection with your friends and family!
 - [x] Serve up Manga/Webtoons/Comics (cbr, cbz, zip/rar, 7zip, raw images) and Books (epub, pdf)
 - [x] First class responsive readers that work great on any device (phone, tablet, desktop)
 - [x] Dark mode and customizable theming support
-- [ ] Provide hooks into metadata providers to fetch metadata for Comics, Manga, and Books
+- [ ] Provide a plugin system to allow external metadata integration and scrobbling for read status, ratings, and reviews
 - [x] Metadata should allow for collections, want to read integration from 3rd party services, genres.
 - [x] Ability to manage users, access, and ratings
-- [ ] Ability to sync ratings and reviews to external services
 - [x] Fully Accessible with active accessibility audits
 - [x] Dedicated webtoon reading mode
+- [ ] Full localization support
 - [ ] And so much [more...](https://github.com/Kareadita/Kavita/projects)
 
 ## Support
@@ -93,6 +93,9 @@ Thank you to [<img src="/Logo/jetbrains.svg" alt="" width="32"> JetBrains](http:
 ## Palace-Designs
 We would like to extend a big thank you to [<img src="/Logo/hosting-sponsor.png" alt="" width="128">](https://www.palace-designs.com/) who hosts our infrastructure pro-bono.
 
+## Huntr
+We would like to extend a big thank you to [Huntr](https://huntr.dev/repos/kareadita/kavita) who has worked with Kavita in reporting security vulnerabilities. If you are interested in 
+being paid to help secure Kavita, please give them a try.
 
 ### License
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+## Supported Versions
+
+Security is maintained on latest stable version only. 
+
+## Reporting a Vulnerability
+
+
+Please reach out to majora2007 via our Discord or you can (and should) report your vulnerability via [Huntr](https://huntr.dev/repos/kareadita/kavita).