🚨 Security
This is a backport of our security release for Kirby 5. For all details and vulnerabilities see: https://github.com/getkirby/kirby/releases/tag/5.4.0
We recommend all users upgrade to Kirby 5. If an upgrade is not possible, this security release is the alternative solution.
Important Installation Note
We are currently affected by an incorrect security advisory: GHSA-cw7v-45wm-mcf2 The affected versions in the advisory are not correct. 4.9.0 is not affected by this vulnerability. We are in contact with Github's security support to fix this. In the meantime, please add the following to your composer.json to install Kirby 4.9.0 successfully.
"config": {
"audit": {
"ignore": ["GHSA-cw7v-45wm-mcf2"]
}
}