• Element edit pages once again redirect to their referral URL on save. (#18483)
• Added craft\filters\IpRateLimitIdentity. (#18510)
• Added craft\helpers\App::resourcePathByUri().
• Removed thamtech/yii2-ratelimiter-advanced. (#18510)
• Fixed a bug where global set GraphQL query caches weren’t getting invalidated when global sets were updated. (#18479)
• Fixed a bug where users/suspend-user and users/unsuspend-user actions required that the logged-in user have control panel access. (#18485)
• Fixed a bug where flipping an image within the Image Editor didn’t always work. (#18486)
• Fixed a bug where SVG files missing their width and height attributes weren’t getting them set as expected.
• Fixed an error that occurred if a template referenced a preloaded Single entry followed by a null coalescing operator. (#18503)
• Fixed a bug where links within Redactor fields were getting target="_blank" added to them. (#18500)
• Fixed an error that could occur when applying project config changes, or editing entries with an invalid entry type. (#18477, #18505)
• Fixed a bug where Content Block fields’ nested values weren’t always getting set correctly via resave commands. (#18453)
• Fixed a bug where addresses without labels weren’t getting chip labels. (#18481)
• Fixed a JavaScript error that could occur on element edit pages.
• Fixed a bug where cross-site validation errors weren’t preventing elements from getting saved. (#18292)
• Fixed a bug where failure messages when pasting elements weren’t getting displayed properly.
• Fixed a bug where craft\helpers\UrlHelper::cpReferralUrl() was returning the referrer URL even if it had the same URI as the current page. (#18483)
• Fixed a bug where Matrix field’ grouped entry type menu labels weren’t translatable. (#18528)
• Fixed moderate-severity SSRF vulnerabilities. (GHSA-3m9m-24vh-39wx, GHSA-95wr-3f2v-v2wh)
• Fixed a moderate-severity authorization bypass vulnerability. (GHSA-jq2f-59pj-p3m3)