- 🔒 Fixed staff token authorization bypass via trailing slash mismatch (#25805) - Michael Barrett
- 🔒 Fixed potential SSRF via media inliner (#25807) - Michael Barrett
- 🔒 Fixed SQL injection vulnerability in click event query (#25804) - Michael Barrett
- 🔒 Fixed ability to bypass Staff User 2FA flow (#25806) - Michael Barrett
- ✨ Added warning when a post's size exceeds email clients clipping length (#25798) - Kevin Ansfield
- ✨ Added Admin API endpoint for browsing all comments (#25700) - Rob Lester
- 🐛 Fixed overly permissive publication locale setting (#25774) - Jannis Fedoruk-Betschki
- 🐛 Fixed missing member discount data after migrations (#25720) - Sag
- 🌐 Update Portuguese translations for Portal (#25704) - Mateus Ribeiro
View the changelog for full details: v6.10.3...v6.11.0