• Craft now sends no-cache headers for any request that generates a CSRF token. (#15281, verbb/formie#1963)
• Fixed a JavaScript error that occurred when creating a new custom element source, preventing the Default Sort and Default Table Columns fields from showing up.
• Fixed a bug where the control panel was getting asynchronous CSRF inputs if the asyncCsrfInputs config setting was enabled.
• Fixed a bug where Craft’s Twig implementation wasn’t respecting sandboxing rules for object properties. (#15278)