• Added craft\controllers\EVENT_BEFORE_SAVE_IMAGE. (#19068)
• Added craft\events\SaveAssetImageEvent. (#19068)
• Added craft\web\Request::getPreviewParam().
• Fixed a bug where no-cache and X-Robots-Tag: none headers weren’t always being sent for requests with x-craft-preview or x-craft-live-preview query string params. (#19060)
• Fixed high-severity RCE vulnerabilities.
• Fixed a high-severity information disclosure vulnerability.
• Fixed a moderate-severity authorization bypass vulnerability.
• Fixed a low-severity information disclosure vulnerability.
• Fixed a low-severity potential path traversal vulnerability.