• Added craft\web\Request::getWantsImage().
• Added craft\web\Request::getWantsJson().
• Added craft\web\Request::wants().
• Fixed a bug where the control panel requests could trigger an infinite browser redirect loop. (#18420)
• Fixed a bug where 404 responses could be set to an image based on the brokenImagePath config setting for Chrome. (#18438)
• Fixed a moderate-severity RCE vulnerability. (GHSA-4484-8v2f-5748)
• Fixed a low-severity path traversal vulnerability. (GHSA-472v-j2g4-g9h2)