Skip to content

@trasher trasher released this Apr 11, 2019 · 1183 commits to 9.4/bugfixes since this release

This is a security release, upgrading is highly recommended

Download it

Non exhaustive list of changes:

  • [security] Bad chevrons rendering on dropdowns (#5468)
  • [security] Iframe and forms are rendered in rich text contents (#5519)
  • [security] Type juggling authentication bypass (#5520)
  • [security] Malicious images upload (#5580)
  • [security] Password token date was not reset (#5577)
  • [security] Prevent timed attack and enforce cookie security (#5562)
  • [security] Prevent external redirections
  • And more!
Assets 3
You can’t perform that action at this time.