Note: this release includes several security-related fixes!
- Fix SQL injection in ListFormatHelper (@Vondry)
- Prevent SSRF in upload-from-URL and embed endpoint (@Vondry)
- Filter unpublished/viewless content from the public Relation API (@Vondry)
- Block open redirect on login endpoint (@0xmgaye, fix by @bobvandevijver)
What's Changed
- Bump dependencies by @bobvandevijver in #3730
- Bump http-proxy-middleware from 2.0.9 to 2.0.10 by @dependabot[bot] in #3740
- Bump undici from 6.26.0 to 6.27.0 by @dependabot[bot] in #3737
- Bump launch-editor from 2.14.0 to 2.14.1 by @dependabot[bot] in #3731
- Bump locutus from 2.0.39 to 3.0.25 by @dependabot[bot] in #3744
Full Changelog: 6.1.3...6.1.4