Security Fixes
- backend:security: prevent stored XSS by serving files with `Content-Disposition: attachment` to avoid arbitrary JavaScript execution in the browser (a6276d0)
Bug Fixes
- ci: update Dockerfile to use alpine3.22 to avoid errors with busybox-1.37.0-r29 (ede1bec)
- backend:users: clear whitelist caches when group visibility changes (071c3ae)
- frontend:files: fix DataTransfer usage after async operations and delay overwrite until analysis completes to restore overwrite on dropped files (d9935e5)
- frontend:styles: add min-width on app-auth background class (dffd5e5)
Community Highlights ❤️
We would like to thank @x0root for reporting this vulnerability and helping improve the security of the project.