What's Changed
- Bump phpseclib/phpseclib from 3.0.49 to 3.0.50 by @dependabot[bot] in #1394
- Bump league/commonmark from 2.8.1 to 2.8.2 by @dependabot[bot] in #1395
- Bump picomatch by @dependabot[bot] in #1396
- Bump vite from 6.4.1 to 6.4.2 by @dependabot[bot] in #1397
- Bump lodash from 4.17.23 to 4.18.1 by @dependabot[bot] in #1398
- [apache2] add setting to decide what value the ServerAdmin directive should have, fixes #1391
- [Security] validate def_language parameter against existing language files and avoid path-traversal
- [Security] fix escaping of single-quotes in generation of userdata.inc.php and validate privileged-user and mysql_ca in MysqlServer.add/update
- [Security] add validation for DNS NAPTR record content
- [Security] add symlink-validation to data-export
- [Security] fix domain-ownership validation in EmailSender.add
- [Security] fix possible unvalidated adminid in Domains.add() if admin/reseller does not have 'customer_see_all' privileges
Full Changelog: 2.3.5...2.3.6