Important changes
- Security fix for HTML tags in invite emails. For instances enabling multiple organizations, this is a moderate-level threat in which an attacker can hide HTML tags in the organization name. Reporter wishes to remain anonymous.
- Security fix for improper user access escalation when Django admin is enabled. This would only affect users who enable Django admin and then grant users "is_staff" access but wish them to not have greater access. Given that this is an unlikely and not fully supported situation, we would consider it low priority for the majority of users. If you do fit that description, you should upgrade immediately. Reporter is me - @bufke.
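The invite-email item above is the classic unescaped-interpolation bug. The following is an added illustration, not GlitchTip's own code: the invite template, the organization name and the `injected_tags` check are all constructed here. It renders the same user-controlled name both verbatim and through the standard library's `html.escape`, and the check reports any tag that the template itself never emits.

```python
import html
import re

# Constructed sample input (not from the release notes): an organization
# name that smuggles markup, the kind of value the fix above neutralizes.
ORG_NAME = 'Acme <a href="https://example.invalid/">Corp</a>'

# Hypothetical invite template; the real GlitchTip template is not shown here.
INVITE_TEMPLATE = "<p>You have been invited to join <strong>{org}</strong>.</p>"

# Tags the template itself legitimately contains.
TEMPLATE_TAGS = {"p", "strong"}

_TAG_RE = re.compile(r"</?([a-zA-Z][a-zA-Z0-9]*)")


def render_invite_unsafe(org_name: str) -> str:
    """Vulnerable form: user-controlled name interpolated verbatim into HTML."""
    return INVITE_TEMPLATE.format(org=org_name)


def render_invite_safe(org_name: str) -> str:
    """Hardened form: escape before interpolation so any tags render as text."""
    return INVITE_TEMPLATE.format(org=html.escape(org_name, quote=True))


def injected_tags(rendered: str) -> set:
    """Detection check: tag names in the rendered email that the template never emits."""
    found = {m.group(1).lower() for m in _TAG_RE.finditer(rendered)}
    return found - TEMPLATE_TAGS


if __name__ == "__main__":
    print(render_invite_unsafe(ORG_NAME))
    print(render_invite_safe(ORG_NAME))
```

In a real Django deployment the same effect comes from rendering the email body with a template whose autoescaping is left on; the point of the hardened function is only that escaping happens at the moment the value meets HTML, not at input time.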
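The Django admin item above describes a user who is allowed into the admin site (`is_staff`) being treated as if that flag also granted application data access. The following is an added illustration, not the fixed GlitchTip code: the `User` dataclass, the organization-membership model and both check functions are hypothetical, though the `is_staff` and `is_superuser` flags mirror Django's real user model fields. It places the escalating check beside the corrected one.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    """Hypothetical stand-in for a Django user; is_staff and is_superuser mirror Django's flags."""
    username: str
    is_staff: bool = False        # may log in to the Django admin site
    is_superuser: bool = False    # holds every permission
    org_memberships: set = field(default_factory=set)  # organization slugs the user belongs to


def can_view_organization_unsafe(user: User, org_slug: str) -> bool:
    """Escalation pattern: treats admin-site login rights as data access rights."""
    return user.is_superuser or user.is_staff or org_slug in user.org_memberships


def can_view_organization(user: User, org_slug: str) -> bool:
    """Hardened check: is_staff grants nothing here; only superusers or members pass."""
    return user.is_superuser or org_slug in user.org_memberships


if __name__ == "__main__":
    # Constructed sample users (not from the release notes).
    helpdesk = User("helpdesk", is_staff=True)
    print("unsafe:", can_view_organization_unsafe(helpdesk, "acme"))  # staff flag leaks access
    print("fixed: ", can_view_organization(helpdesk, "acme"))         # staff flag is ignored
```

The practical audit for an operator on the affected configuration is to list accounts with `is_staff` set and confirm each one is meant to hold whatever the admin site exposes; the upgrade removes the implicit grant, but the flag itself still means "can log in to the admin".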
Other changes
- Upgraded to Angular 18
- Use Redis for sessions. This is no longer configurable, to simplify configuration and default to the best experience.
- Move several API endpoints from Django REST framework to async Django Ninja views
- More APIs are now documented in /api/docs
- Upgraded allauth, which now forces all email addresses to be lower case