- Check Sec-Fetch-Site header (GHSA-33j4-hc95-pggg)
- Escape REQUEST_URI (GHSA-c533-9qwm-8w5h, bug #1298)
- Validate server (GHSA-r4x9-5m63-3vxw)
- Validate server version (GHSA-h6jr-7pr6-grgj)
- SQLite: Disallow ATTACH commands (GHSA-q4f2-39gr-45jh)
- SQLite: Disallow VACUUM INTO commands (GHSA-gmx3-g29w-77wf)
- SQLite: Check filename before deleting (GHSA-6pg3-chwq-wgqc)
- Avoid unserialize() in brute force protection (bug #1289)
- Tables overview: allow sorting (bug #1231)
- Select: Disable Ctrl+click inline edit without UPDATE privilege
- Select: Display NULL in column title
- Export: Remember unchecked objects (regression from 5.0.6)
- Foreign key: Display new field in case of an error
- PostgreSQL: Order NULL last
- PostgreSQL: Display all SQL command warnings and only once
- PostgreSQL: Export serial as serial, not nextval()
- PostgreSQL: Fix GENERATED AS IDENTITY export (bug #1260)
- PostgreSQL: Export schema in nextval()
- PostgreSQL: Export schema in REFERENCES
- PostgreSQL: Add ~* operator (bug #1271)
- Editor: Display tinyint(1) as checkbox (bug #1246, regression from 5.4.2)
- Croatian translation