This is a security release, upgrading is hightly recommended
Non exhaustive list of changes:
- [security] Bad chevrons rendering on dropdowns (#5468)
- [security] Iframe and forms are rendered in rich text contents (#5519)
- [security] Type juggling authentication bypass (#5520)
- [security] Malicious images upload (#5580)
- [security] Password token date was not reset (#5577)
- [security] Prevent timed attack and enforce cookie security (#5562)
- Search on dropdowns now displays fuzzy matches (#5149)
- All components were deleted when permanently deleting a computer (#5459)
- Unable to display network ports (#5460, #5461)
- Preferences not applied (#5372)
- Unable to use “forgotten password” feature (#5386)
- And many more!
You may notice displayed and archive versions are 9.4.1.1; this is because we've decided to integrate two more fixes we found after release has been prepared!
See changelog and minor changelog for details.