This is a security release, upgrading is recommended
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY] XSS through registration API (CVE-2022-35945)
- [SECURITY] Leak of sensitive information through login page error (CVE-2022-31143)
- [SECURITY] [critical] Command injection using a third-party library script (CVE-2022-35914)
- [SECURITY] SQL injection through plugin controller (CVE-2022-35946)
- [SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947)
- [SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)
Regards.