Security Release
This is a security release to address a vulnerability where page content, which should be hidden by permissions, could be visible during certain markdown exports.
We strongly advise that you update your instance if you use permissions to control page visibility.
Thanks to Ghufran Raza Khan (GitHub Profile, LinkedIn Profile) for responsibly reporting this issue.
Also thanks to Alex Dan (GitHub Profile) for also reporting this before public announcement.
Full List of Changes
- Updated queries used for pages in markdown exports.
- Updated handling of filenames for file serving.
- Updated PHP package versions.