- Added
craft\services\Security::isRestrictedDir(). (#19179) craft\helpers\Image::imageSizeByStream()now supports WebP, AVIF, and HEIC/HEIF images. (#19189)craft\services\Sites::getGroupById()now has a$withTrashedargument.- Fixed a bug where the
site/siteIdparams weren’t being respected on eager-loadedlocalizedqueries. (#18588) - Fixed a bug where it wasn’t possible to enter decimal values after tabbing into a Money field. (#19156)
- Fixed a bug where the search inputs on the Entry Types and Fields settings index pages were case-sensitive on PostgreSQL. (#19158)
- Fixed a bug where timepicker menus weren’t auto-scrolling to the selected time when opened. (#19142)
- Fixed an error that could occur when reassigning entries to a new author when deleting a user. (#19154)
- Fixed a bug where the “All entries” and “All users” sources weren’t available to be selected within Entries/Users field settings. (#19185)
- Fixed a bug where database backups weren’t using the
--single-transactionflag on MariaDB. (#19191) - Fixed a bug where element indexes could show multiple table columns for the same nested fields within Content Block fields. (#19197)
- Fixed a PHP error that could occur when merging canonical changes into a draft that contained nested elements. (#19187)
- Fixed an error that could occur when applying project config changes, if a site group was deleted. (#19076)
- Fixed an error that could occur when nested Matrix entries were copied. (#19195)
- Fixed a bug where project config YAML files could include component name comments with trailing whitespace. (#19198)
- Fixed a low-severity information disclosure vulnerability.
- Fixed a low-severity cache poisoning vulnerability.