• Fixed an error that could occur if the purgeStaleUserSessionDuration config setting was set to a duration interval string. (#18238)
• Fixed a bug where image transforms weren’t getting regenerated on Local filesystems, if the transform params changed and the asset transform index had been cleared. (#18249)
• Fixed a bug where entry queries were executing extra database queries when the type param was used. (#18223)
• Fixed low-severity XSS vulnerabilities. (GHSA-6j87-m5qx-9fqp, GHSA-3jh3-prx3-w6wc)
• Fixed moderate-severity SSRF vulnerabilities. (GHSA-gp2f-7wcm-5fhx, GHSA-v2gc-rm6g-wrw9)
• Fixed a moderate-severity TOCTOU vulnerability. (GHSA-6fx5-5cw5-4897)