Security Release
This security release covers a vulnerability which would allow malicious users, who have permission to update or create pages, to load content from files stored within the storage/
or public/
directories (Such as application logs) via the page HTML export system.
If you allow untrusted users to edit page content you should update as soon as possible.
This release also changes the way browser response caching is performed, while logged in, to help prevent navigating back to confidential content after logout.
Additional Changes
- Added concurrent page editing warnings upon draft save events. Thanks to @MatthieuParis (#2877)
- Updated translations with the latest changes from Crowdin. (#2953)