• Fixed a bug where entries weren’t redirecting back to their section’s page’s URL by default.
• Fixed a bug where the resourceBasePath and resourceBaseUrl config settings weren’t being respected for console requests. (#18685)
• Fixed a bug where eager-loadable GraphQL fields could be populated with the wrong field’s results, if they followed a fragment with a *Interface type condition. (#18708)
• Fixed a bug where users with permission to edit entries, but not view peer entries in a section, weren’t allowed to edit the authors for entries in the section. (#18717)
• Fixed a bug where reference tags weren’t working with generated fields. (#18692)
• Fixed errors that could occur when applying project config changes. (#18720)
• Fixed a bug where it wasn’t always possible to sign into a user account that had the same email address as an inactive user. (#18723)
• Fixed a bug where relational fields’ element query results weren’t always limited to the selected relations if the id param was overridden. (#15570)
• Fixed an error that could occur when executing a queue job. (#18739)
• Fixed high-severity authorization bypass vulnerabilities. (GHSA-x5m4-g2cq-52pq, GHSA-3w32-23wj-rxg3, GHSA-qh45-9g5p-m2v4)
• Fixed moderate-severity permission escalation vulnerabilities. (GHSA-qq2c-2q8j-jh27, GHSA-43cq-c2gq-pfpw)