This is a security release, upgrading is recommended
This release fixes several security issues that has been recently discovered. Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)
- [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)
- [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)
- [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)
- [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)
- [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)
- [SECURITY - Moderate] XSS in external links (CVE-2022-39277)
- [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)
- [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)
Regards.