This release fixes three XSS vulnerabilities. Those vulnerabilities only impacts shared BTCPay instances.
Special thanks to Ajmal "@B3EF" Aboobacker and Abdul "@b1nslashsh" muhaimin for finding them who contacted us through @huntrdev.
See 1, 2 and 3.

Bug fixes:

• Use CSP to prevent future XSS attacks. (#2856, #2863) @NicolasDorier
• Fix XSS vulnerabilities in summernote, the rich text editor (#2859) @dennisreimann
• The page could crash if the user clicks too many time on Notificate 'Mark as Seen' @NicolasDorier
• Fix plugins page crashing @Kukks
• Fix page crash of the perk editor in the crowdfund settings when the title is not set @dennisreimann
• Do not generate payment methods when 0 amount invoice (#2776)
• When using the BTCPay Vault, some hardware wallet types were considered unknown @NicolasDorier