CVE-2025-53908
Caution
This release fixes a critical authenticated path traversal vulnerability in an API endpoint that could allow unauthorized access to system files. All previous versions are affected. All users should update immediately to this patch version.
GHSA-fx9g-xw4j-jwc3
What's Changed
- Added proper input validation and sanitization to prevent directory traversal attacks by @gantoine in #2085
- Scan page icons by @gantoine in #2084
Full Changelog: 4.0.0-beta.2...4.0.0-beta.3